Outlook SMB Email Plugin

Description: A guide explaining how to create an 'SMB Email' macro button in Outlook 2016. The purpose of this button is to generate a new email with HTML content included, specifically an SMB image tag for capturing user's credentials (as discussed in Capturing Creds through Email and HTML Image Tags).

Plugin code: https://github.com/ac3lives/Outlook-SMB-Tag-Injector
Note - This post does not cover how to capture credentials with SMB image tags. If you want to learn, please see the post located here: http://www.acenyethehackerguy.com/2017/11/capturing-creds-through-email-and-html.html
Installation Process
There are three parts to implementing this button:
  1. Enable macro prompts in Outlook 2016
  2. Create a new macro project with code provided
  3. Add the macro project to your toolbar as an icon
Enable Macro Prompts in Outlook 2016:
  1. Select ‘File’ and then ‘Options’
  2. In Outlook Options, select ‘Trust Center’
  3. Select ‘Trust Center Settings’
  4. Select ‘Macro Settings’ and then ‘Notifications for all macros’
(Do not enable all macros by default, terrible idea for security)

Create Macro Project in Visual Basic Editor:
  1. Press Alt+F11 when in Outlook to open Microsoft Visual Basic for Applications
  2. Select the ‘Insert’ button and then ‘Module’
  3. Insert the VBA code contained in the appendix (bottom of the page) and click ‘Save’

Add Macro Project to Toolbar as Icon:
  1. Select ‘File’ and then ‘Options’
  2. Select ‘Customize Ribbon’
  3. Select ‘New Group’ and create the group “SMB Email”
  4. From ‘Choose commands from’ select ‘Macros’
  5. In the right pane, select the ‘SMB Email (custom)’ group, then on the left click your Project#.HTMLMessage macro and select ‘Add’
  6. In the right pane, right click on the newly added ‘Project#.HTMLMessage’ macro and select ‘Rename’. Name the button as you see fit and give it an Icon
  7. Select ok. You are done and the button should now appear in your outlook toolbar.

SMB Email Button Usage
  • In outlook, under your ‘Home’ ribbon, a button should appear with the icon and name provided in step 6 of the button creation. Click on the button.
  • A pop-up box will appear asking you to enter SMB tags. This is the entire image tag or HTML code snippet you would like inserted. By default, two image tags are provided. Where is says ‘IPADDRESS’, replace this field with your SMB Server listener IP address.
  • Click ‘Ok’. A new email will be created. Leave the broken image icons in the email, these are your SMB image tags. Delete the ‘smb Image Tag below’ text.
  • Fill out your phishing email as you see fit in order to get your target to download HTML code.