Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/X-C3LL/xlsxPoison

Just a PoC to turn xlsx (regular Excel files) into xlsm (Excel file with macro) and slipping inside a macro (vbaProject.bin)
https://github.com/X-C3LL/xlsxPoison

Last synced: 22 days ago
JSON representation

Just a PoC to turn xlsx (regular Excel files) into xlsm (Excel file with macro) and slipping inside a macro (vbaProject.bin)

Host: GitHub
URL: https://github.com/X-C3LL/xlsxPoison
Owner: X-C3LL
Created: 2021-09-03T23:37:22.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2021-09-04T09:24:22.000Z (over 3 years ago)
Last Synced: 2024-08-05T17:26:14.760Z (4 months ago)
Language: C#
Size: 4.88 KB
Stars: 142
Watchers: 5
Forks: 24
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - X-C3LL/xlsxPoison - Just a PoC to turn xlsx (regular Excel files) into xlsm (Excel file with macro) and slipping inside a macro (vbaProject.bin) (C# #)

README

# xlsxPoison

Just a PoC to turn xlsx (regular Excel files) into xlsm (Excel file with macro) and slipping inside a macro (vbaProject.bin). The macro can be modified previously with any tool like [EvilClippy](https://github.com/outflanknl/EvilClippy)

Today most teams that work on common projects in companies tend to share files through network shares or cloud solutions like OneDrive. This fact means that low privileged users have the power to add or edit files on locations that are used by other users, so this situation can be turned into an opportunity for lateral movements or even privilege escalation. We can try to take advantage of this situation converting an existent .xlsx file into a .xlsm, so the user can open it and get "pwned" (it's more likely that the user will trust the "Macro" alert if the file is something he knows to be innofensive)

# How it works?
In the end XLSX/XLSM are just zip files that follows the Office Open XML file format, so we can do an unzip-edit-rezip to add our macro.

1. Unzip .xlsx
2. Fix `[Content_Types].xml` and `xl\_rels\workbook.xml.rels`
3. Copy the macro to `xl\`
4. Rezip it with the same name but replacing `xlsx` for `xlsm`
5. Set original file as "hidden"
6. Delete the temporal folder created

*Disclaimer: I tested it with a bunch of random .xlsx files. If you find a .xlsx that get corrupted please ping me at issues*

# Usage

```bash
xlsxPoison.exe file.xlsx vbaProject.bin
```
Example:
```bash
xlsxPoison.exe "C:\Users\avispa.marina\Desktop\Macros\target01.xlsx" "C:\Users\avispa.marina\vbaProject.bin"
```

# Author
Juan Manuel Fernández ([@TheXC3LL](https://twitter.com/TheXC3LL))