Payload about macrome HOT 5 CLOSED

Not sure I'm following the question here - what are you looking to use Putty for? Is this a question about how to generate a reverse bind shell or something that you can use instead?

The payload can be any arbitrary shellcode, I just used msfvenom as an example. You'll be able to find something by looking for "reverse shell shellcode x86". Note that the payload you pick currently HAS to be x86 since I haven't implemented the x64 fix from CyberReason (https://www.cybereason.com/blog/excel4.0-macros-now-with-twice-the-bits).

from macrome.

this is a question of something else i can use instead of generating payload via msfvenom e.g putty.exe

from macrome.

AH - you want to be able to just jam an arbitrary executable inside and launch it. Got it - running an arbitrary executable that's not explicit shellcode is going to require a bit of extra work.

If we want to keep it entirely in memory, we'll need to load the executable reflectively like @subTee's PE loader for Katz. There's probably some nice kit for turning an executable into shellcode which loads it, but I don't know that off the top of my head. I do have a future feature planned to load a .NET host from Excel and then launch an assembly, but I don't think that's what you're talking about here. For now I'll consider this a feature request.

from macrome.

If you're looking for a workaround in the meantime - I might suggest https://github.com/hasherezade/pe_to_shellcode - this will let you convert a PE file into shellcode which can be executed via the current flow.

from macrome.

This is pretty much fixed with the newer Base64 encoding method - I've successfully been able to encode .net binaries with Donut as well as 5MB Go binaries using it. I'm closing this for now, but if folks have a specific payload that isn't working for them, please re-open the issue (or post a new one)!

from macrome.