Code is here.
Original blog post here.
DerbyCon talk here (luckystrike begins at 18:45).
- Full support for Microsoft Word output (.doc), as well as Word-based template storage.
- Support for Invoke-Obfuscation of PowerShell-based payloads as well as PowerShell Shell commands (e.g. powershell -nop -enc ...)
- New Payload Type: COM Scriptlets. Receives a URL that points to your scriptlet and can fire it via the following Infection Types (based on amazing @subTee research):
- Excel DDE Infection Type added: Research. Note that your first Shell Command payload word is the command run by DDE.
- A truckload of bug fixes
- Luckystrike's -API switch allows it to be scriptable. See my Pester script for examples.
- I also filled out the wiki to make it easy to get assistance.
I highly encourage you to read the wiki before installing, but if you're antsy, you can install with this PowerShell command (run in an admin context):
iex (new-object net.webclient).downloadstring('https://git.io/v7kbp')
Normally luckystrike will prompt you when there is a new upgrade. However, I just switched repos, so this creates a problem. The easiest fix is a fresh install, but if you have templates/payloads that you want to preserve, you can upgrade by opening luckystrike.ps1 in an editor and changing the old repo location to the new repo location. Once you save/close/relaunch, luckystrike will pick up the changes from the new repo and prompt you to upgrade.
If you encounter an error and/or need other assistance, please run luckystrike with the -Debug switch. It will create a debug log that you must upload with your GitHub issue; otherwise, you can expect me to not respond!
I do not offer help in making payloads. Please stop asking.
Huge thanks to Casey Smith for continuing to put out awesome research, Daniel Bohannon for incredible obfuscation work, and Steve McKenzie for help testing and git-fu. <3 you guys!