Jump to content
YOUR-AD-HERE
HOSTING
TOOLS

Locked EXCELntDonut: XLM (Excel 4.0) macro generator

itsMe

By MASTERitsMe
in Pentesting

 Share

Recommended Posts

itsMe Master Hacker

MASTERitsMe

Posted
Posted

This is the hidden content, please

EXCELntDonut

EXCELntDonut is an XLM (Excel 4.0) macro generator. Start with C# source code (EXE) and end with an XLM (Excel 4.0) macro that will execute your code in memory. XLM (Excel 4.0) macros can be saved in .XLS files.

How it works

You provide a C# file containing your payload (like an EXE with the main method that executes a cobalt strike beacon payload). That C# file is compiled using MCS into two .NET assemblies: x86 and x64. After compilation, the awesome tools Donut (for x86) and CLRvoyance (for x64) convert each assembly into position independent shellcode. Next, all null bytes are removed, since XLM (Excel 4.0) macros don’t play nicely with null bytes and the payload is chunked into lines with no more than 255 characters (for x86) or 10 characters (for x64).

Once the shellcode is prepared, it’s combined with basic process injection functions (VirtualAlloc, WriteProcessMemory, and CreateThread) as well as an architecture check function to determine which payload (x86 or x64) to run on the target system. If you elect to execute sandbox checks or basic obfuscation, then those functions will update your macro. Finally, the output is placed in a CSV file (saved as .txt).

This is the hidden content, please

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.