forked from trustedsec/unicorn
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCHANGELOG.txt
96 lines (71 loc) · 3.17 KB
/
CHANGELOG.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
~~~~~~~~~~~~~~~~
version 2.1.2
~~~~~~~~~~~~~~~~
* added enablestageencoding to true by default
~~~~~~~~~~~~~~~~
version 2.1.1
~~~~~~~~~~~~~~~~
* added --smallest flag to msfvenom generate which compacts shellcode to smaller size
~~~~~~~~~~~~~~~~
version 2.1
~~~~~~~~~~~~~~~~
* added ability to import your own powershell into attacks (thanks to curi0usJack pull request)
* fixed an issue when generating macro attack with appropriate spacing on macros
~~~~~~~~~~~~~~~~
version 2.0
~~~~~~~~~~~~~~~~
* added brand new hta attack vector for direct web application compromise (thanks Justin Elze)
* added brand new attack binary to cert (thanks Matthew Graeber)
* added window.close(); after script
~~~~~~~~~~~~~~~~
version 1.3
~~~~~~~~~~~~~~~~
* slimmed down powershell injection code even more
* when using windows/meterpreter/reverse_https, the option flags StagerURILength=5 StagerVerifySSLCert=false are specified in order to trim down payload. This is due to char restriction sizes when pasting into a command window. With these two settings, the codebase is slimmed down significantly and fits within the normal length
* added support for shikata ga nai to obfuscate shellcode prior to utf and b64encoding. Will now through off sigs if contained inside of a file.
~~~~~~~~~~~~~~~~
version 1.2
~~~~~~~~~~~~~~~~
* fixed an issue where powershell injection may not work on 32 bit platforms
* shaved command line argument down around 32 bytes
~~~~~~~~~~~~~~~~
version 1.1
~~~~~~~~~~~~~~~~
* fixed autoopen from not working on some office implementations - now works on all office documents including powerpoint/word/excel
* changed the open description to fix a typo and also make it more believable
* fixed spacing issues when generating macro attack
* added instructions on when using macro on how to add the macro to an office document
* added better description and instructions for powershell injection
* added better description on initial loading of payload
~~~~~~~~~~~~~~~~
version 1.0
~~~~~~~~~~~~~~~~
* incorporated new macro attack from Rik van Duijn RCX @rikduijn
* code cleanup and fixed an issue that would not present argument values when not formatted properly
* channeled stderr to subprocess.PIPE
* slimmed unicorn powershell injection code about 17 bytes to compact powershell injection
~~~~~~~~~~~~~~~~
version 0.5
~~~~~~~~~~~~~~~~
* fixed hidden window command when using powershell injection
~~~~~~~~~~~~~~~~
version 0.4
~~~~~~~~~~~~~~~~
* shortened powershell injection code by removing un-used code and shortening initial command names
* removed EnableStageEncoding - after testing extensively, this can produce unreliable results.
* fixed a bug that caused unicorn to not work properly due to changes with MSFVenom
* slimmed encoded powershell command, removed un-used else statement
~~~~~~~~~~~~~~~~
version 0.3
~~~~~~~~~~~~~~~~
* updated msfvenom to include format type and architecture to remove bug it would not generate appropriate shellcode
~~~~~~~~~~~~~~~~
version 0.2
~~~~~~~~~~~~~~~~
* changed output name
* added appropriate licensing
* slimmed the powershell code and added noprofile to downgrade process
~~~~~~~~~~~~~~~~
version 0.1
~~~~~~~~~~~~~~~~
* initial release of magic unicorn