HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

Macro Pack v2.0.1

Status
Not open for further replies.
itsMe

itsMe

*KillmeMories*
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
Joined
Jan 8, 2019
Messages
56,623
Solutions
2
Reputation
32
Reaction score
100,455
Points
2,313
Credits
32,750
‎6 Years of Service‎
 
76%
mp_intro.png


Short description

The macro_pack is a tool used to automatize obfuscation and generation of retro formats such as MS Office documents or VBS like format. Now it also handles various shortcuts formats.
This tool can be used for redteaming, pentests, demos, and social engineering assessments. macro_pack will simplify antimalware solutions bypass and automatize the process from vb source to final Office document or other payload type.

It is very simple to use:

  •     No configuration
  •     Everything can be done using a single line of code
  •     Generation of majority of Office formats and VBS based formats
  •     Payloads for advanced social engineering attacks (email, USB key, etc)

The tool is compatible with payloads generated by popular pentest tools (Metasploit, Empire, ...). It is also easy to combine with other tools as it is possible to read input from stdin and have a quiet output to another tool. This tool is written in Python3 and works on both Linux and Windows platform.

Note: Windows platform with the right MS Office applications installed is required for Office documents automatic generation or trojan features.

Obfuscation

The tool will use various obfuscation techniques, all automatic. Obfuscation features are compatible with all VBA and VBS based format which can be generated by macro_pack.

Basic obfuscation (-o option) includes:

    Renaming functions
    Renaming variables
    Removing spaces
    Removing comments
    Encoding Strings

Note that the main goal of macro_pack obfuscation is not to prevent reverse engineering, it is to prevent antivirus detection.

Generation

Macro Pack can generate several kind of MS office documents and scripts formats. The format will be automatically guessed depending on the given file extension. File generation is done using the option --generate or -G.
Macro Pack pro version also allow to trojan existing Office files with option --trojan or -T

Ms Office Supported formats are:

    MS Word (.doc, .docm, .docx, .dotm)
    MS Excel (.xls, .xlsm, .xslx, .xltm)
    MS PowerPoint (.pptm, .potm)
    MS Access (.accdb, .mdb)
    MS Visio (.vsd,.vsdm)
    MS Project (.mpp)

Scripting (txt) supported formats are:

    VBA text file (.vba)
    VBS text file (.vbs).
    Windows Script File (.wsf)
    Windows Script Components scriptlets (.wsc, .sct)
    HTML Applications (.hta)
    XSLT Stylesheet (.xsl) (Yes MS XSLT contains scripts ^^)

Shortcuts/Shell supported formats are:

    Shell Link (.lnk)
    Explorer Command File (.scf)
    URL Shortcut (.url)
    Groove Shortcuts (.glk)
    Settings Shortcuts (.settingcontent-ms)
    MS Library (.library-ms)
    Setup Information (.inf)
    Excel Web Query (.iqy)
    Visual Studio Project (.csproj)
    Command line (.cmd)
    SYmbolic LinK (.slk) Pro version only
    Compressed HTML Help (.chm) Pro version only

Note that all scripting and shortcuts formats (except LNK) can be generated on Linux version of macro_pack as well.

To see this hidden content, you must like this content.
 
Status
Not open for further replies.
Back
Top