Through remote template injection, the attacker gains access to the target by sending a benign Microsoft Office file that depends on a malicious template. Once the user opens the file, the template will be downloaded, which may contain macros.
To carry out a remote template injection:
- Create a template file with macro included (save as .doc or .docm)
- Create another .docx file from any blank Microsoft template.
- Open the .docx file with 7-zip. Navigate to
word > _rels
- Edit
settings.xml.rels
- Replace
Target="..."
with the correct URL for the template file.
- Replace
Alternatively, use this Python script to automate this process.