trustedsec/ptf

issues with modules/post-exploitation/unicorn

Xeteskian opened this issue · 5 comments

OS: Ubuntu Server 18.04.1
I'm seeing some strange behaviour when interacting with modules/post-exploitation/unicorn

When trying to install unicorn using modules/custom-list, the output seems to try install metasploit.
I see the same behaviour if I do:

use modules/post-exploitation/unicorn
? (or help)

it immediately tries to install/update metasploit
if however I use

use modules/post-exploitation/unicorn
install

then unicorn installs as expected

This happened to me as well. I'm trying to see if I can fix it. Just thought it was me since no issue was opened.

Ok. Also, I just checked it out again. Seems that if you call directly

use modules/post-exploitation/unicorn

it doesn't work. So you have to do:

use hydra

Also seems that it is only doing it on hydra. Haven't had it happen on any other modules. I'll fix the problemo right away

oh wait. I just read what it was doing. Should have done this before.
Check this out:

ptf> search unicorn
[*] Search results below:
modules/intelligence-gathering/unicornscan
modules/post-exploitation/unicorn
ptf> use modules/post-exploitation/unicorn
ptf:(modules/post-exploitation/unicorn)>?
Available from main prompt: show modules, show , search , use
Inside modules: show options, set ,run
Additional commands: back, help, ?, exit, quit
Update or Install: update, upgrade, install, run

Module Author: David Kennedy (ReL1K)
Module Description: This module will install/update Unicorn - a tool for powershell code execution

INSTALL_TYPE: GIT
REPOSITORY_LOCATION: https://github.com/trustedsec/unicorn/
INSTALL_LOCATION: /pentest/post-exploitation/unicorn/

[] Detected installation already. Going to upgrade for you.
[
] Preparing dependencies for module: modules/exploitation/metasploit
Reading package lists...
etc.
etc.

Since unicorn has to use metasploit to create the payloads, it is a good idea that it should install metasploit if you do NOT have it installed. So this behavior is normal. I think I will not change anything but add for update just to ONLY update unicorn and not msf and upgrade also. But if it is to install unicorn, then yeah, you will want to let it install msf. Also will be good idea to check when you want to install unicorn, check if msf is installed. If it is, then will skip and install unicorn. :)

Unicorn has a TOOL_DEPEND prereq of Metasploit, it will install Metasploit first, then install Unicorn after :) This is normal behavior and appreciate reporting!