
Launched Encrypted Payload, but no connection

YulkyTulky opened this issue 5 years ago • 8 comments

I installed the macro into a document, setup an EvilOSX listener, and opened the document (with macros enabled ofc). I was instantly notified by the listener that it launched a new encrypted payload, but the bot counter remained at 0. I have not been able to remedy this issue.

YulkyTulky, Apr 30 '20 02:04

Thanks for reporting. I did some re-testing by generating EvilOSX payloads a couple different ways and then trying the macros. I saw the exact same behavior you saw when using the EvilOSX GUI to generate a payload (i.e., python start.py and then generate the payload from that GUI). However, when I generate a payload using the "python start.py --builder" EvilOSX command the callback works fine and I can interact with the callback. Which method are you using for payload generation?

cedowens, Apr 30 '20 16:04

That's really odd because I'm using the command-line interface for payload generation. Also, wouldn't the payload file be the exact same regardless of whether it was generated by the CLI or GUI?

YulkyTulky, Apr 30 '20 18:04

Yeah, I think EvilOSX itself might have a glitch in how the GUI generates the payload versus the CLI generation... I even tried just running the python scripts from each manually, and the one from the GUI errored out while the CLI-generated payload worked.

cedowens, Apr 30 '20 20:04

Still weird that the CLI build is not working for me. I'll try it again and get back to you.

YulkyTulky, Apr 30 '20 20:04

UPDATE: I've now tested the macro generator on a freshly made EvilOSX payload (through CLI), using base64, hex, and Mac firewall on/off. Nothing worked. Each time, EvilOSX notified me that it created a new encrypted payload, yet no bot connected and nothing was installed on the victim machine.

YulkyTulky, May 01 '20 02:05

Strange... I am not able to reproduce this behavior when generating the payload via CLI. I will have some colleagues independently try to follow the steps and see if they encounter the same problem you are seeing. If so, I will update here.

cedowens, May 04 '20 16:05

You might have to make the payload executable.

Spl01ter, Jan 18 '21 05:01

I got the same problem. Actually, I found the macro will generate a payload in ~/Library/Containers/com.microsoft.Word/Data/Library/Containers/.

IC3-CR3AM, Jan 20 '21 05:01