Comments (5)
Not sure I'm following the question here - what are you looking to use Putty for? Is this a question about how to generate a reverse bind shell or something that you can use instead?
The payload can be any arbitrary shellcode, I just used msfvenom as an example. You'll be able to find something by looking for "reverse shell shellcode x86". Note that the payload you pick currently HAS to be x86 since I haven't implemented the x64 fix from Cybereason (https://www.cybereason.com/blog/excel4.0-macros-now-with-twice-the-bits).
from macrome.
This is a question of something else I can use instead of generating a payload via msfvenom, e.g. putty.exe
AH - you want to be able to just jam an arbitrary executable inside and launch it. Got it - running an arbitrary executable that's not explicit shellcode is going to require a bit of extra work.
If we want to keep it entirely in memory, we'll need to load the executable reflectively like @subTee's PE loader for Katz. There's probably some nice kit for turning an executable into shellcode which loads it, but I don't know that off the top of my head. I do have a future feature planned to load a .NET host from Excel and then launch an assembly, but I don't think that's what you're talking about here. For now I'll consider this a feature request.
If you're looking for a workaround in the meantime - I might suggest https://github.com/hasherezade/pe_to_shellcode - this will let you convert a PE file into shellcode which can be executed via the current flow.
This is pretty much fixed with the newer Base64 encoding method - I've successfully been able to encode .NET binaries with Donut as well as 5MB Go binaries using it. I'm closing this for now, but if folks have a specific payload that isn't working for them, please re-open the issue (or post a new one)!