Skip to main content

Antivirus Evasion : Bypassing AV with Veil.

Prerequisites

You should know how the basics of generating payloads using metasploit, i.e. have a basic idea about pentesting. I have covered these already, and won't do so again.
If you haven't got the prerequisites covered, I'd suggesting you start by hacking into an unpatched Windows XP machine.

Install Veil-evasion

This is one the rare moments when you actually have to install a hacking tool in Kali Linux. That said, the process is incredibly simple, and a simple apt-get will work.
sudo apt-get update
sudo apt-get install veil-evasion



 Type veil-evasion in the terminal and you'll be asked if you want to continue with the installation.
Type y. Wait for the installation to finish. It could take a while. The installation would ask you to install Python & Ruby (don't change installation directories even if it says that Python is already installed), which is just a matter of clicking next and finish.

Veil Evasion - Creating a simple payload

Type veil-evasion on the terminal to start it.
1) Type list to see available payloads.
list
2) Use any payload you want to. I'm using python/shellcode_inject/flat. Type
use python/shellcode_inject/flat
3) You can use set option to change any values you want to change. We don't need that right now. Type info to see the settings you can change.
info
4) Type generate
generate
5) Choose option 1
6) Press enter, or if you want to use some other exploit, then type it's name.
7) Enter LHOST (listener IP, i.e. your IP from ifconfig) and LPORT (any unused port works), enter any extra  msfoptions you want to enter (not required here). Enter any name you want.
8) Give your payload a name. Then choose 1 or 2 for Payload creation method. I chose 1.



Your payload will get generated in a bit. Don't upload it to online scanners, since they distribute it to different AV companies and the detection rate increases.
PS: If  you are having issues, scroll down to the troubleshooting section below.

Veil Evasion - Creating An encrypted payload

Let's try to create an encypted payload, one which will be undetectable by most AVs.

We'll use AES encryption to encrypt the payload. This is a pretty strong algorithm and should provide pretty low detection rate.

1) Select the payload (this step is the only difference between the encrypted payload and simple payload)
use python/shellcode_inject/aes_encrypt
Don't be confused by the directory at which I currently am in (/Veil-Evasion/Setup)
in all the screenshots.
I created a troubleshooting section below for which I was in this directory, and never
switched back to home directory. This doesn't change anything.
2) Look at the parameters/options that we can choose
info
3) Change anything you want to change. I'm not changing anything and using all the default options.
4) Generate the encrypted payload.
generate
5) Choose option 1, press enter for default payload. Follow the same procedure as the previous case. Choose the LHOST, LPORT.
6) Give your payload a name. I call it veiled.

7) Choose 1 (pyinstaller).

Generated executable can be seen here-
/usr/share/veil-output/compiled/veiled.exe
This is the second payload I created with the name veiled so it got changed to
veiled1.exe
That's it, you now have a payload that can bypass a lot of AVs easily.

Troubleshooting

If you're getting this error
ERROR: Can't find python.exe in /root/.config/wine/veil/drive_c/Python27/
Then it means apt-get failed you, and there are some uninstalled/mis-configured dependencies
Try this solution-
git clone https://github.com/Veil-Framework/Veil-Evasion.git 
It's going to be approximately a 300 MB download.

 then
cd Veil-Evasion/setup/
then
./setup.sh -c
This step may take some time. You'll have to wait.
You'll have to install a lot of stuff including python, ruby, etc. with Wine

then
cd ../setup/
then
python update.py
This should fix the issues.

Tinkering

I just generated an encrypted payload without a lot of tinkering. You can play with the options, try out everything that veil offers, and get a much more 'veiled' payload. As far as bypassing antiviruses is concerned, experimentation is key. Keep trying out different options till one generates a payload that your target AV won't detect.

Comments

Post a Comment

Popular posts from this blog

How to remove the WannaCry & Wana Decryptor Ransomware.

How to remove the WannaCry & Wana Decryptor Ransomware Table of Contents 1 Who is this guide for? 2 What is WannaCry, WannaCryptor, WNCRY, or Wana Decryptor? 3 How to remove the WannaCry and Wana Decryptor Ransomware 4 Is it possible to recover WNCRY files that have been encrypted by WannaCry for Free? 5 How to Protect yourself from the WannaCry or Wana Decryptor Ransomware. Who is this guide for? If a user is infected with the WanaCrypt0r/Wana Decryptor Ransomware then it is important that they remove it immediately. This is because even if you are not going to pay the ransom, while the ransomware is running it will continue to encrypt new files as they are created. This guide will guide victims on how they can remove the WannaCry and Wana Decryptor 2.0 infection from their computer. This guide, though, will not allow you to decrypt your files for free. This is currently impossible. I will provide steps that you can use to possibly recover files (slim chanc
Post a Comment
Read more

Top 10 Secret Tricks in Google.

In This Cool Video i will be Telling you Google Most secret Tricks in Top 10.. Telugu Click this Link if the video is not Working. https://youtu.be/tX7X-OsP6Hs Posted by Nagesh ;)
Post a Comment
Read more

Top 10 Free Instagram Hacker App For iPhone and Android.

Top 10 Free Instagram Hacker App For iPhone and Android Posted by Nagesh ;) Instagram is no doubt one of the most used apps when it comes to uploading and sharing pictures with your friends and families. However, as much as you may like to use Instagram, the fact remains that anyone can access your account with or without your consent. How is this possible you may ask? The answer lies in the Instagram hacker app. Yes!! You heard right. An Instagram hacker app is a type of an app that works by retrieving passwords and other login details from a target account. As it stands, since Instagram is available on both the Android and iOS platforms, these apps can be found on this platforms as well. These Instagram hack apps are efficient when it comes to hacking passwords, so it's best to be guaranteed that they will hack your IG account in a matter of minutes. Part 1: 5 Free Instagram Hacker App For iPhone Part 2: 5 Free Instagram Hacker App For Android Part 3: Using
Post a Comment
Read more