trustedsec / unicorn

Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
https://www.trustedsec.com

download_exec for HTA #43

Closed moaeddy closed 7 years ago

moaeddy commented 7 years ago

Can you try to implement download_exec for the HTA file? The reverse kind of sucks sometimes, and it would be really good if we could use the download_exec command.

moaeddy commented 7 years ago

The macro is not executing when opening; do you notice this?

trustedsec commented 7 years ago

Fixed in 2.7.3, thanks for the report!

moaeddy commented 7 years ago

The macro is detected by ESET at runtime; I don't know if this might also happen with some other AV which uses ESET's technique to detect viruses.

trustedsec commented 7 years ago

Then change it around to not get detected :)

moaeddy commented 7 years ago

I can't mess with the script code; maybe pointing out a way might be helpful, as there is no other syntax included in the README, just how to build the file.