LuckyStrike and custom Metasploit loader

LuckyStrike is awesome, so I wanted to share my findings from the experiments I have made.



TL;DR – LuckyStrike is an Excel file generator that creates an Excel file with a custom executable payload embedded as a macro. It has other features as well, but I was only interested in the custom EXE file insertion.

The GitHub for LuckyStrike is here

Greetings to curi0usJack

Software I have used:

So first we need to prepare the LuckyStrike environment. On Windows 10 (64-bit) you need to enable this for the PowerShell environment:

(Run Windows PowerShell ISE with admin privileges and set the execution policy; execute it from the directory where you expect to have the LuckyStrike directory)

Set-ExecutionPolicy RemoteSigned

Next we install LuckyStrike as suggested by the author

iex (new-object net.webclient).downloadstring('')

Accept all options and allow the PSSQLite module installation.

We are ready to start LuckyStrike. Go to the directory where your LuckyStrike is and execute the PowerShell script


Next we need to create a payload template to use in our poisoned Excel documents.

Next we add a new payload to the catalogue.

Add the generated EXE via 

Make sure you type the C: with CAPITAL case, lower case for some reason always failed :)

Select the new payload template to be used for the Excel file and choose the infection method – “Save To Disk”

Now generate the Excel with the selected custom payload.

Poisoned Excel is ready in the luckystrike\payloads directory

Execute it and enjoy the shell ;)

Attached is the video recording of the above










About astr0baby

Please run Adblock or similar... we have been told to do so since Carl Sagan wrote the Contact .