Didier Stevens

Thursday 23 October 2008

Excel Exercises in Style

Filed under: Hacking — Didier Stevens @ 10:34

I developed another variant of my “Excel macro injects embedded DLL” script.

In stead of creating and loading a temporary DLL from VBScript, I inject and execute shellcode directly from the VBA application.

Some HIPS would prevent my previous script from running, because it loaded an unapproved DLL. But my new version doesn’t load a DLL.

Of course, writing shellcode is more difficult than developing a PE executable.

9 Comments »

  1. [...] office documents (e.g. a spreadsheet). Macros can also be digitally signed. So if you’ve that special spreadsheet macro to execute, but your Excel configuration requires macros to be signed, this howto is what [...]

    Pingback by Howto: Add a Digital Signature to an Office Document « Didier Stevens — Monday 5 January 2009 @ 21:19

  2. Is there a download link?

    Comment by anonymous — Wednesday 6 May 2009 @ 3:33

  3. I just posted it: http://blog.didierstevens.com/2009/05/06/shellcode-2-vbscript/

    Comment by Didier Stevens — Wednesday 6 May 2009 @ 9:07

  4. [...] Filed under: Hacking, My Software — Didier Stevens @ 9:06 I had not posted my Python script to convert shellcode to VBScript, so here it [...]

    Pingback by Shellcode 2 VBScript « Didier Stevens — Wednesday 6 May 2009 @ 9:07

  5. Why you call it VBScript? It is plain VBA, Visual Basic for Applications. And it is incompatible with VBS.

    Comment by vbs — Wednesday 6 May 2009 @ 12:27

  6. > Why you call it VBScript?

    To which “it” are you referring? Because I have a Python script that can generate both VBScript and VBA for an executable.

    Comment by Didier Stevens — Wednesday 6 May 2009 @ 12:56

  7. [...] — Didier Stevens @ 5:40 Per request, I release my assembly code I’ve used in my previous blogposts to display a message box when the injected shellcode gets executed. It’s nothing special, but [...]

    Pingback by MessageBox Shellcode « Didier Stevens — Tuesday 30 June 2009 @ 6:33

  8. [...] previous posts, I showed how to load a DLL or shellcode with VBA in Excel. This is a combination of both techniques: a VBA macro loads and executes [...]

    Pingback by Quickpost: Shellcode to Load a DLL From Memory « Didier Stevens — Thursday 28 January 2010 @ 3:09

  9. [...] to “inject” shellcode (stored inside macros) into the Excel process itself. Details here and source code [...]

    Pingback by Excel with cmd.dll & regedit.dll « Didier Stevens — Monday 8 February 2010 @ 21:18


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 227 other followers

%d bloggers like this: