A tutorial by Niall.
This guide will go through the steps taken to create a malicious macro-enabled Excel worksheet. The tutorial will explain how to use msfvenom to create an x64 reverse shell, how to install and use Luckystrike, and how to set up a listener in order to catch the reverse shell when it connects back. This tutorial is written to work on a local area network.
This guide will not give details on how to distribute the documents created and is for educational purposes only.
This part of the tutorial will contain instructions on how to create your reverse shell.
The image above shows a terminal running the msfvenom command that generates an x64 Windows reverse shell. When entering this command, ensure that LHOST is the IP address of your Kali machine.
You will now want to store your executable on a USB drive or transfer it over to your Windows machine.
Please note: you may use any executable, PowerShell module or shell command, but this tutorial will use a simple reverse shell.
This part of the tutorial will walk through how to install Luckystrike in order to create our macro-enabled worksheets.
Open PowerShell as admin and run the following:
iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/Shellntel/luckystrike/master/install.ps1')
Alternatively, Luckystrike can be downloaded from their GitHub (LuckyStrike Github). Once you have downloaded the source, browse to the Luckystrike directory and run:
If you get the execution policy error, the fix is:
Both these methods do the following:
You should now have successfully built Luckystrike.
Once the above step has been completed, browse to your Luckystrike directory and run
Now we need to add our payload to Luckystrike's catalogue, select the payload and generate the .xls document. See the following images:
Your .xls file should be generated and stored in the path specified. Now rename it to something better and set up a listener.
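Seen from the defending side, what this procedure produces is a workbook carrying an embedded VBA project, and that is the structure endpoint and mail-gateway triage looks for before any macro runs. The following Python script is an added example, not part of this tutorial or of Luckystrike: it flags legacy OLE2 .xls files (by the UTF-16LE `_VBA_PROJECT` directory entry) and OOXML .xlsm packages (by the `xl/vbaProject.bin` member), using constructed byte samples rather than real documents.

```python
import io
import zipfile

# OLE2 compound-file magic used by legacy binary Office formats (.xls/.doc).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# OLE directory-entry names are stored UTF-16LE; this storage name only exists
# when a VBA project is embedded (it also matches "_VBA_PROJECT_CUR" in .xls).
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")
# In OOXML (.xlsm/.docm/.pptm) the macro project is a well-known zip member.
OOXML_VBA_MEMBERS = {"xl/vbaProject.bin", "word/vbaProject.bin", "ppt/vbaProject.bin"}


def has_vba_macros(data: bytes) -> tuple[bool, str]:
    """Return (flag, reason) for a document given as raw bytes.

    Heuristic only: it detects the structures a VBA project leaves behind,
    not what the macro does. A hit means 'quarantine and inspect further'.
    """
    if data.startswith(OLE_MAGIC):
        if OLE_VBA_MARKER in data:
            return True, "OLE2 file contains a VBA project storage"
        return False, "OLE2 file without VBA storage"
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                hits = OOXML_VBA_MEMBERS.intersection(zf.namelist())
        except zipfile.BadZipFile:
            return False, "not a valid OOXML zip container"
        if hits:
            return True, f"OOXML package embeds {sorted(hits)[0]}"
        return False, "OOXML package without vbaProject.bin"
    return False, "not an Office container"


def build_samples() -> dict[str, bytes]:
    """Constructed inputs (not real documents): minimal byte patterns that mimic
    each container type, enough to exercise every branch of the check."""
    macro_xlsm, clean_xlsx = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(macro_xlsm, "w") as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/vbaProject.bin", b"\x00" * 16)  # placeholder project blob
    with zipfile.ZipFile(clean_xlsx, "w") as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
    return {
        "report.xlsm": macro_xlsm.getvalue(),
        "report.xlsx": clean_xlsx.getvalue(),
        "legacy.xls": OLE_MAGIC + b"\x00" * 32 + OLE_VBA_MARKER,
        "notes.txt": b"just text",
    }


def scan(samples: dict[str, bytes]) -> list[str]:
    """Return the names of the samples that carry a VBA project."""
    return [name for name, data in samples.items() if has_vba_macros(data)[0]]
```

Running `scan(build_samples())` flags only the two constructed macro carriers; in practice you would feed it the bytes of attachments or files dropped in a user's Downloads folder.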
As you are in a test environment and wouldn't be doing anything illegal, simply open your Excel document on the machine you created it on and enable macros when prompted.
If successful, once your document is run and macros are enabled, it will connect back to your Kali machine and your listener will look like this:
Any questions hmu on Slack.