Please help answer my question sir

trustedsec / unicorn

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.

https://www.trustedsec.com

Other

3.74k stars 817 forks source link

Please help answer my question sir #113

Closed tygaking009 closed 5 years ago

tygaking009 commented 5 years ago

I would like to ask does unicorn work only on 64 bit machines??? Windows 7/8/10?

tygaking009 commented 5 years ago

I created a payload and ran it on a 32 bit system and i did not get a session. -- please how can i fix this?

dsx12 commented 5 years ago

Likely it is patched, run in cmd "powershell attackfile.ps1"

You will likely get a output saying "


This script contains malicious content and has been blocked by your antivirus software.
+ CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : ScriptContainedMaliciousContent
"
if so the script is now blocked by antivirus software.

dsx12 commented 5 years ago

If you play with the code you may be able to bypass, though..

tygaking009 commented 5 years ago

Please what other scripts would you recommend?

trustedsec commented 5 years ago

Microsoft releases updates since this is a highly popular and public tool. I make changes here and there which are trivial, but take time to do.