Merge pull request #17 from VeryDampTowel/main

Add support for VBA shellcode
nickvourd · Apr 26, 2024 · 51f7f37 · 51f7f37
2 parents 0c48ea3 + bebc6c2
commit 51f7f37
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 7 deletions.
diff --git a/Packages/Arguments/Arguments.go b/Packages/Arguments/Arguments.go
@@ -23,7 +23,7 @@ type FlagOptions struct {
 }
 
 var (
-	version     = "2.0"
+	version     = "2.1"
 	versionName = "Thunder"
 	license     = "MIT"
 	authors     = [...]string{"@nickvourd", "@Papadope9", "@0xvm"}
@@ -60,7 +60,7 @@ func PrintAscii() {
 func Options() *FlagOptions {
 	inputFile := flag.String("input", "", "Path to a raw shellcode")
 	encryption := flag.String("enc", "", "Shellcode encoding/encryption (i.e., ROT, XOR, RC4, AES, CHACHA20)")
-	language := flag.String("lang", "", "Programming language to translate the shellcode (i.e., Nim, Rust, C, CSharp, Go, Python, PowerShell, Perl, Ruby, Java, Raw)")
+	language := flag.String("lang", "", "Programming language to translate the shellcode (i.e., Nim, Rust, C, CSharp, Go, Python, PowerShell, Perl, VBA, Ruby, Java, Raw)")
 	outFile := flag.String("output", "", "Name of the output shellcode file")
 	variable := flag.String("var", "shellcode", "Name of dynamic variable")
 	debug := flag.Bool("debug", false, "Enable Debug mode")
@@ -124,7 +124,7 @@ func ArgumentEmpty(statement string, option int) {
 		case 1:
 			logger.Fatal("The '-input' flag specifying the path to raw shellcode is mandatory.\n\n")
 		case 2:
-			logger.Fatal("The '-lang' flag specifying a valid language option is mandatory (e.g., C, CSharp, Rust, Nim, Go, Python, PowerShell, Perl, Ruby, Java, Raw).\n\n")
+			logger.Fatal("The '-lang' flag specifying a valid language option is mandatory (e.g., C, CSharp, Rust, Nim, Go, Python, PowerShell, Perl, VBA, Ruby, Java, Raw).\n\n")
 		case 3:
 			logger.Fatal("The size of the provided raw shellcode is too large!\n\n[!] The '-output' flag specifying the path to output shellcode is mandatory.\n\n")
 		default:
@@ -156,6 +156,10 @@ func ValidateArgument(argName string, argValue string, validValues []string) str
 		argValue = "perl"
 	}
 
+	if strings.ToLower(argValue) == "office" {
+		argValue = "vba"
+	}
+
 	if strings.ToLower(argValue) == "c#" || strings.ToLower(argValue) == "cs" || strings.ToLower(argValue) == "c-sharp" {
 		argValue = "csharp"
 	}

diff --git a/Packages/Converters/Converters.go b/Packages/Converters/Converters.go
@@ -146,6 +146,9 @@ func ConvertShellcode2Template(shellcode string, language string, length int, va
 	case "perl":
 		template := fmt.Sprintf(`my $%s = "%s";`, variable, shellcode)
 		return template
+	case "vba":
+		template := fmt.Sprintf(`%s = Array(%s)`, variable, shellcode)
+		return template
 	case "ruby":
 		template := fmt.Sprintf(`%s = "%s"`, variable, shellcode)
 		return template
@@ -164,11 +167,18 @@ func FormatShellcode(encryptedShellcode []byte, language string) string {
 	var formattedShellcode []string
 	var shellcodeFormatted string
 
-	for _, b := range encryptedShellcode {
+	for counter, b := range encryptedShellcode {
 		if language == "python" || language == "perl" || language == "c" || language == "ruby" {
 			formattedShellcode = append(formattedShellcode, fmt.Sprintf("\\x%02x", b))
 		} else if language == "java" {
 			formattedShellcode = append(formattedShellcode, fmt.Sprintf("(byte) 0x%02x", b))
+			// Respect VBAs string length limit
+		} else if language == "vba" {
+			if (counter%50) == 0 && counter > 0 {
+				formattedShellcode = append(formattedShellcode, fmt.Sprintf("_\n%d", b))
+			} else {
+				formattedShellcode = append(formattedShellcode, fmt.Sprintf("%d", b))
+			}
 		} else {
 			formattedShellcode = append(formattedShellcode, fmt.Sprintf("0x%02x", b))
 		}

diff --git a/README.md b/README.md
@@ -61,6 +61,7 @@ Supernova offers automatic conversion of the encrypted shellcode into formats co
 - Python
 - Perl
 - PowerShell
+- VBA (Implemented by [@verydamptowel](https://twitter.com/verydamptowel))
 - Java
 - Ruby
 - Raw (Implemented by [@y2qaq](https://twitter.com/y2qaq))
@@ -121,7 +122,7 @@ go build Supernova
 ███████║╚██████╔╝██║     ███████╗██║  ██║██║ ╚████║╚██████╔╝ ╚████╔╝ ██║  ██║
 ╚══════╝ ╚═════╝ ╚═╝     ╚══════╝╚═╝  ╚═╝╚═╝  ╚═══╝ ╚═════╝   ╚═══╝  ╚═╝  ╚═╝
 
-Supernova v2.0 - Real fucking shellcode encryptor & obfuscator tool.
+Supernova v2.1 - Real fucking shellcode encryptor & obfuscator tool.
 Supernova is an open source tool licensed under MIT.
 Written with <3 by @nickvourd, @Papadope9 and @0xvm.
 Please visit https://github.com/nickvourd/Supernova for more...
@@ -136,7 +137,7 @@ Usage of Suprenova:
   -key int
         Key length size for encryption (default 1)
   -lang string
-        Programming language to translate the shellcode (i.e., Nim, Rust, C, CSharp, Go, Python, PowerShell, Perl, Ruby, Java, Raw)
+        Programming language to translate the shellcode (i.e., Nim, Rust, C, CSharp, Go, Python, PowerShell, Perl, VBA, Ruby, Java, Raw)
   -obf string
         Shellcode obfuscation (i.e., IPV4, IPV6, MAC, UUID)
   -output string

diff --git a/Supernova.go b/Supernova.go
@@ -49,7 +49,7 @@ func main() {
 	Arguments.ArgumentEmpty(options.Language, 2)
 
 	// Call function ValidateArgument
-	foundLanguage := Arguments.ValidateArgument("lang", options.Language, []string{"Nim", "Rust", "C", "CSharp", "Go", "Python", "PowerShell", "Perl", "Ruby", "Java", "Raw"})
+	foundLanguage := Arguments.ValidateArgument("lang", options.Language, []string{"Nim", "Rust", "C", "CSharp", "Go", "Python", "PowerShell", "Perl", "VBA", "Ruby", "Java", "Raw"})
 
 	if options.Encryption == "" && options.Obfuscation == "" {
 		logger := log.New(os.Stderr, "[!] ", 0)