New Pen Test Tool Tricks Targets with Microsoft WCX Files

The open-source tool lets penetration testers gather credentials by convincing targets to open a Microsoft WCX file.

Dark Reading Staff, Dark Reading

August 31, 2018

1 Min Read
Dark Reading logo in a gray background | Dark Reading

A new open-source penetration testing tool, dubbed Firework, will let pen testers collect sensitive data by tricking their targets into opening Microsoft WCX files.

Firework is a Python-based tool designed to find weak spots in enterprise security practices, and address the issue of social engineering tactics in corporate network breaches. It leverages these techniques to get targets to open a WCX file, which can be used to configure a Microsoft Workplace on a system and grant an attacker remote access.

An attacker could leverage the Workspace functionality to deploy a malicious application or desktop as part of a larger social engineering campaign. This could have broader implications; for example, data loss in the event that local resources are mapped to an attacker's terminal server.

Once the target opens the file, the tool links to Firework, gathers credentials (including password hashes), and offers resources that were set up in the file, such as links to potentially malicious Office documents or a remote desktop environment that the pen tester controls.

Read more details here.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights