Skip to main content

Use PowerShell in Excel VBA

VBA in Excel is very helpful since it can run things without any human intervention, or technically it can run task and automate things and just get the result.

VBA coupled with PowerShell can even be more interesting. Of course, there is always some drawback or pros and cons.

Bad actor can take advantage of VBA and PowerShell to run malicious software on user’s computer.

For most users who are not aware or doesn’t believe that VBA and PowerShell can be used to steal data, one common reaction is; Is it possible? Or you are just trying to exaggerate and scare people?

As the odds say, to see is to believe. Or to see it in action is one thing and trying to educate users is another thing. Cyber Security is a task that everyone should be a part of, a chain is useless if one its link is weak. Which is basically, true in digital world.

The company may spend thousands of moneys on Firewall, Anti-Virus and other devices or software to thwart attack but just a simple click on a Phishing email of an unaware email user will defeat all security measures.

VBA code below, shows on how to use PowerShell on Excel VBA.

Sub vba_powershell()

Dim varx As String

Dim wshell As String

 

'Code below will minimized all  open windows

varx = Shell("PowerShell (New-Object -comobject Shell.Application).ToggleDesktop()")

 

'This will open Notepad

wshell = Shell("PowerShell (New-Object -ComObject wscript.shell).run('Notepad')")

 

'Wait for 5 seconds

Application.Wait DateAdd("s", 5, Now)

 

'Send the string to Notepad

Application.SendKeys ("Hello, be careful of opening files with Excel Macros!")

 

'This will open c:\Temp folder

'A network location can be used by replacing with a UNC path such as: \\server01\sharefolder

wshell = Shell("PowerShell (New-Object -ComObject Shell.Application).open('C:\Temp')")

 

End Sub

  

Above code is quite friendly but of course, it can be tweaked and change the code to download a malicious file from the internet, or run a malicious app that is already on the hard drive. Never run an  Excel macro that is not trusted, or just out of curiosity and take the risk. 

Some users think that the anti-virus or other security measures set on the network will do its job and they will be totally protected, such mindset will wreak the whole company network. Malicious code that has not been detected, newly found security hole or any bug that is not yet known, can be exploited by bad actors and all security measures can easily be bypassed.

Cheers...till next time. Stay safe and keep praying that this pandemic will end.

================================

Free Android Apps:

Click  links below to find out more:

Excel Keyboard guide:

Heaven's Dew Fall  Prayer app for Android :



Catholic Rosary Guide  for Android:
Pray the Rosary every day, countless blessings will be showered upon your life if you recite the Rosary faithfully. 
https://play.google.com/store/apps/details?id=com.myrosaryapp

Divine Mercy Chaplet Guide (A Powerful prayer) BFF = Be Filled Faith:

Labels:

Comments

  1. AnonymousJune 11, 2021 at 8:59 PM

    Good article. I would just like to underscore your point about the importance of never running macros from sources you don't know / do not trust. I would also add that, looking at the code above, powershell isn't even needed - VBA can do all of that by itself without have to rely on Powershell!

    ReplyDelete

Post a Comment

Popular posts from this blog

Notepad++ convert multiple lines to a single line and vice versa

Notepad++ is an awesome text editing tool, it can accept regex to process the text data. If the data is in a “.csv” format or comma separated values which is basically just a text file that can either be opened using a text editor, excel or even word. Notepad++ can process the contents of the file using regex. Example if the data has multiple rows or lines, and what is needed is to convert the whole lines of data into a single line. Notepad++ can easily do it using regex. However, if the data is on a single line and it needs to be converted into multiple lines or rows then regex can also be used for this case. Here’s an example on how to convert multiple rows or lines into a single line. Example data: Multiple rows, just a sample data. Press Ctrl+H, and  on "Find what" type: [\r\n]+ and on "Replace with" type with: , (white space) --white space is needed if need to have a space in between the data. See image below, "Regular Expression" must be se
1 comment
Read more

WMIC get computer name

WMIC get computer model, manufacturer, computer name and  username. WMIC is a command-line tool and that can generate information about computer model, its manufacturer, its username and other informations depending on the parameters provided. Why would you need a command line tool if there’s a GUI to check? If you have 20 or 100 computers, or even more. It’s quite a big task just checking the GUI to check the computer model and username. If you have remote computers, you need to delegate someone in the remote office or location to check. Or you can just write a batch file or script to automate the task. Here’s the code below on how get computer model, manufacturer and the username. Open an elevated command prompt and type:     wmic computersystem get "Model","Manufacturer", "Name", "UserName" Just copy and paste the code above, the word “computersystem” does not need to be change to a computer name. A
Post a Comment
Read more

How to check office version from command line

The are quite a few ways to check office version it can be done via registry, PowerShell or VBScript and of course, good old command line can also do it. Checking Windows office version whether it is Office 2010, Office, 2013, Office 2016 or other version is quite important to check compatibility of documents; or just a part of software inventory. For PowerShell this simple snippet can check the office version: $ol = New-Object -ComObject Excel.Application $ol . Version The command line option will tell you where’s the path located; the result will also tell whether office is 32-bit, 64-bit and of course the version of the office as well. Here’s the command that will check the office version and which program directory the file is located which will tell whether it’s 32-bit or 64-bit. Command to search for Excel.exe: DIR C:\ /s excel.exe | find   /i "Directory of"  Above command assumes that program files is on  C: drive. Sample Outpu
Post a Comment
Read more