This repository has been archived by the owner on Apr 13, 2021. It is now read-only.
curi0usJack edited this page Jul 22, 2017 · 4 revisions

Luckystrike Wiki

Luckystrike is a menu-driven (SET style) PowerShell-based generator of malicious .xls and .doc documents. All your payloads are saved into a database for easy retrieval & embedding into a new or existing document. Luckystrike provides you with several infection methods designed to get your payloads to execute without tripping AV. See the "Installation" section below for instructions on getting started.

Initial Blog Post & Demonstration: https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator
DerbyCon 6.0 Tool Drop Talk: https://www.youtube.com/watch?v=1Yzg1xps2kE

Installation

Requirements

  1. Windows 7/10 (preferably x64)
  2. PowerShell v5+
  3. Microsoft Office 2010+ installed

To install, execute the following command from an administrative PowerShell prompt (administrative rights are required to install the PSSQLite module). A luckystrike directory will be created automatically.

iex (new-object net.webclient).downloadstring('https://git.io/v7kbp')

To run, cd to the luckystrike directory, then execute .\luckystrike.ps1

Upgrading

Luckystrike will check for updates upon opening. You will be prompted to update. Any templates and payloads you have in the database are preserved.

Issues

If you have a problem with luckystrike, do the following:

  1. Run luckystrike with the -Debug switch. This will create a file in the luckystrike directory called ls-debug-NUMBERS.log
  2. Reproduce the issue in luckystrike.
  3. Create a new issue on GitHub. Post a screenshot of the error and attach the debug log file (scrub anything you might consider to be sensitive).
  4. Wait patiently. I'm one guy.

Please do not ask me why your Office install broke, or why PowerShell isn't working, or why it's not working in Office 2003. Common sense & helpfulness go a long way to getting your issue fixed.

Contributions

I always welcome pull requests. But honestly, the best way to contribute is a new attack method. Best thing you could do is send me a working .xls or .doc file that pops calc in a novel way. I'll include the attack method into luckystrike.

curi0sjack [at] gmail [dot] com
Twitter: @curi0usJack
