XLSinjector
I have just written a new script to injects meterpreter shell to excel file.
This will speed up the pentesting process to embed malicious VBA scripts in excel files.
For this script to work, you will need windows, microsoft excel, perl and perl module Win32:OLE
To install perl module Win32:OLE (take note that its case sensitive)
C:\> CPAN
cpan> install Win32:OLE
You can find my project at http://code.google.com/p/xlsinjector/
To run the script, simple type
[If you want it to download an excel file from the web]
C:\ perl xlsinjector.pl -u http://website/excel.xls -o 1234.xls
[If you want it to use a local excel file. Put the excel file in the same folder as the script]
C:\ perl xlsinjector.pl -i excel.xls -o 1234.xls
The -o argument is optional.
You can also view my demonstration video at securitytube.net
http://securitytube.net/Injecting-Meterpreter-into-Excel-files-using-XLSInjector-video.aspx
Milo2012's Security Blog 
is this any different than just using msfpayload to output the vba code and pasting the macro in yourself?
The only difference is automation. I’m thinking of whether to add in the feature of scanning network drives and appending the vba code to all excel files that it can find. That is the reason why I wrote this code. Not sure if anyone would want this though.
Hi Milo,
I trying to run the script, but I got this error:
[*] Mail bug reports and suggestions to
Can’t call method “VBComponents” on an undefined value at xlsinjector.pl line 62
.
I installed the required module Win32:OLE
Going to write C:\Perl\cpan\Metadata
Win32::OLE is up to date (0.1709).
Check out this video. There is some VBA settings inside excel that you need to enable before the script will work. Thanks
http://securitytube.net/Injecting-Meterpreter-into-Excel-files-using-XLSInjector-video.aspx