This repository contains a collection of VBA macro scripts designed for Red Team engagements and offensive cybersecurity purposes. These macros demonstrate various techniques, including reverse shells, persistence, data exfiltration, and command execution.
Disclaimer: These scripts are provided for educational purposes only. Unauthorized use of these scripts is strictly prohibited and may violate laws or ethical guidelines. The author is not responsible for any misuse.
- Reverse Shell: Creates a PowerShell-based reverse shell to connect to a remote server.
- Persistence: Adds a registry key to achieve persistence.
- Hidden Command Execution: Executes hidden shell commands.
- Command Execution: Runs a PowerShell command and saves its output.
- Download & Execute: Downloads and executes a payload from a remote server.
- Ensure that macros are enabled in Microsoft Office.
- Host any required payloads (e.g., reverse shells, executables) on a server you control.
- Update URLs or file paths in the macros to match your setup.
- Open Microsoft Office (Word, Excel, or PowerPoint).
- Open the VBA Editor:
  - Press Alt + F11.
- Copy and paste the desired macro into the ThisWorkbook, Sheet, or Module section.
- Save the file as a macro-enabled document (e.g., .xlsm or .docm).
- Distribute the file as part of a phishing campaign or Red Team exercise.
- Enable Macros: For these scripts to work, macros must be enabled on the target system.
- Testing: Always test in a controlled environment before deploying.
- Logs: Monitor logs to ensure the script behaves as expected.
These scripts are intended for authorized Red Team assessments and educational purposes only. Do not use these scripts without proper authorization. Any misuse of these scripts is your responsibility, and the author is not liable for damages or consequences.
This project is licensed under the MIT License - see the LICENSE file for details.