Invoke-NoShell: All the Power with no Shell
Invoke-NoShell outputs a Microsoft Office Word .doc file with an embedded macro. It automates the generation of multiple similar versions of the file, making it possible to test how slight differences affect it. Currently, only PowerShell payloads are supported.
The tool was launched at BSidesTLV 2018; the presentation is available in this repository.
You need to have Microsoft Office installed in order to run this script. The script will set the following key in order to allow automatic interaction with Word:
The tool was tested with Windows 10 x64, Office 2016 and PowerShell 5.0, but it should work on other setups as well.
git clone https://github.com/G4lB1t/Invoke-NoShell.git
Invoke-NoShell has 4 optional parameters:
-docPath [-D] Full path for the output file.
-payloadPath [-P] Full path of a text file containing the PowerShell payload to embed
-docGenerationMod [-M] A or M – for auto or manual payload generation mode
-lureText [-T] Text to be displayed in the doc for the unsuspecting victim
Create all 12 possible permutations with the lure text “open sesame”, armed with the PowerShell script
Invoke-NoShell.ps1 -M A -T "Open sesame" -P c:\MyPowershellz\payload.ps1
Create a single document, manually select all the parameters
Invoke-NoShell.ps1 -M M
Create all 12 possible permutations in the folder C:\MyDocsFolder
Invoke-NoShell.ps1 -D C:\MyDocsFolder -M A