BadOutlook : Malicious Outlook Reader

BadOutlook is a simple PoC which leverages the Outlook Application Interface (COM Interface) to execute shellcode on a system based on a specific trigger subject line.

By utilizing the Microsoft.Office.Interop.Outlook namespace, developers can represent the entire Outlook Application (or at least according to Microsoft). This means that the new application should be able to do anything from reading emails (yes this also includes archives, trash, etc.) to sending them out.

Building on the millions of pre-existing C# shellcode loaders, an email with a trigger subject line and base64 encoded shellcode in the body can be sent to the host with a weaponized instance of this program. The program will then read the email and execute the shellcode embedded in the email.

Additional Notes

This can be used to build an Entire C2 Framework that relies on E-Mails as a mean of communication (Where the Implant never speaks to the internet directly)
There does appear to be a security warning which informs the user of an application attempting to access Outlook data
- This can be turned off with when an administrator modifies the registry as shown here.
- Minor testing showed that Injecting this process into an Outlook client does not cause the alert to appear (Additional testing would be much appriciated <3)

PoC

Application Polling Outlook for Trigger

Trigger Email With Shellcode Creation

Email Recived By Outlook Client

Shellcode Execution by BadOutlook Application

Related

Caro Kann – Evading Kernel Scans with Encrypted Shellcode

September 20, 2023

In "Exploitation Tools"

Jektor : A Windows User-Mode Shellcode Execution Tool That Demonstrates Various Techniques That Malware Uses

February 14, 2022

In "Kali Linux"

Go-Shellcode : A Repository Of Windows Shellcode Runners And Supporting Utilities

August 11, 2021

In "Kali Linux"

R K

Next How to get free Instagram Followers fast? »

Previous « Gitrecon : OSINT Tool To Get Information From A Github Profile

Share

Published by

R K

Tags: BadOutlookMaliciousOutlookOutlook Reader

5 years ago

Recent Posts

Cyber security

How AI Puts Data Security at Risk

Artificial Intelligence (AI) is changing how industries operate, automating processes, and driving new innovations. However,…

1 week ago

TECH

The Evolution of Cloud Technology: Where We Started and Where We’re Headed

Image credit:pexels.com If you think back to the early days of personal computing, you probably…

2 weeks ago

TECH

The Evolution of Online Finance Tools In a Tech-Driven World

In an era defined by technological innovation, the way people handle and understand money has…

2 weeks ago

OSINT

A Complete Guide to Lenso.ai and Its Reverse Image Search Capabilities

The online world becomes more visually driven with every passing year. Images spread across websites,…

2 weeks ago

Cyber security

How Web Application Firewalls (WAFs) Work

General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…

2 months ago

Linux

How to Send POST Requests Using curl in Linux

How to Send POST Requests Using curl in Linux If you work with APIs, servers,…

2 months ago

L