LuckyStrike - PowerShell based utility for the creation of malicious Office macro documents



Luckystrike is a PowerShell based generator of malicious .xls documents (soon to be .doc). All your payloads are saved into a database for easy retrieval & embedding into a new or existing document. Luckystrike provides you several infection methods designed to get your payloads to execute without tripping AV. See the "Installation" section below for instructions on getting started.

Generating a malicious macro doc is something that every pentester is well acquainted with. We use malicious macros all the time to gain footholds when other attacks don't work. We decided it was high time we had a tool that would automate as much as possible, allow us to reuse payloads, and include as many built-in AV evasion techniques as we could. Luckystrike is a menu-driven PowerShell script that uses a SQLite database to store your payloads, code block dependencies, and working sessions in order to generate malicious .xls documents.

Prerequisites:

  1. PowerShell v5. The script is made to run on your machine, not your targets', so this shouldn't be a problem.
  2. Microsoft Office, or at least Excel. Luckystrike uses the Excel COM objects to build .xls docs.
  3. PowerShell PSSQLite module. The script will try to install this for you if it is not found.
