Unicorn is a simple tool that uses a PowerShell downgrade attack to inject shellcode straight into memory. It is based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
Before:
[*] Exported index.html, Launcher.hta, and unicorn.rc under hta_attack/.
[*] Run msfconsole -r unicorn.rc to launch listener and move index and launcher to web server.
[*] Exported index.html, Launcher.hta, and unicorn.rc under hta_attack/.
[*] Run msfconsole -r unicorn.rc to launch listener and move index and launcher to web server.
After:
[*] Exported index.html, Launcher.hta, and unicorn.rc under hta_attack/.
[*] Run msfconsole -r unicorn.rc to launch listener and move index and launcher to web server.
It's either twice or half as good, depending on your point of view.