added most of documentation

documentation/modules/exploit/multi/fileformat/libreoffice_macro_exec.md

@@ -0,0 +1,41 @@
+## Description
+
+  This module exploits a directory traversal vulnerability in LibreOffice `v6.1.0-6.1.4.1` that enables remote code execution.
+  Note: `6.0.x` versions are vulnerable to the directory traversal attack, but are not exploitable by this module due to the
+  lack of ability to pass arguments.
+
+  LibreOffice comes bundled with sample macros written in Python and allows the ability to bind program events
+  to them. A macro can be tied to a program event by including the script that contains the macro and the function
+  name to be executed. Additionally, a directory traversal vulnerability exists in the component that references the
+  Python script to be executed. This allows a program event to execute functions from Python scripts relative to the
+  path of the samples macros folder. The `pydoc.py` script included with LibreOffice contains the `tempfilepager` function
+  that passes arguments to `os.system`, allowing RCE.
+
+  This module generates an ODT file with a mouse over event that when triggered, will execute arbitrary code.
+
+## Vulnerable Application
+
+  LibreOffice `v6.1.0-6.1.4.1`. Vulnerable versions for both Windows and Linux can be found [here](https://downloadarchive.documentfoundation.org/libreoffice/old/).
+
+## Verification Steps
+
+  1. Install the application
+  2. Start msfconsole
+  3. Do: ```use exploit/multi/fileformat/libreoffice_macro_exec```
+  4. Do: ```set FILENAME <name>```
+  5. Do: ```set LHOST <ip>```
+  6. Do: ```set LPORT <port>```
+  7. Do: ```run```
+  8. Move the generated file to the target
+  9. Open the file with a vulnerable version of LibreOffice
+ 10. You should get a shell.
+
+## Scenarios
+
+### Version of software and OS as applicable
+
+  ```
+  msf > use module_name
+  msf auxiliary(module_name) > set POWERLEVEL >9000
+  msf auxiliary(module_name) > exploit
+  ```