NOTE: Please, be kind, and don’t submit any payloads to ANY online virus scanner! Please be sure to check out https://www.veil-framework.com, Veil’s website for the latest tutorials, updates, and repo location. Any questions on using Veil? Join us in #veil on Freenode!
On nearly every assessment, pen testers have to fight a battle against antivirus solutions. The level of effort that goes into each “battle” relies on the AV solution, its definitions, etc. Researching methods to bypass antivirus solutions has been an interest of mine on and off for the past 6 months. About two months ago I started to take a more serious look at how I could take my recent research and turn it into something that is more usable and useful. I set out with a couple of goals:
- Bypass common AV solutions that I/we routinely encounter in most network environments
- Utilize payloads that are compatible with the Metasploit framework, and expand upon these in future releases
- Attempt to make each payload file as random as possible
With these goals in mind, I continued researching methods of bypassing AV. Since I wanted to maintain Metasploit compatibility, I chose to use shellcode generated by the Metasploit framework, specifically msfvenom. To accomplish this, I began looking into other available research, which is where I discovered a number of interesting techniques that a variety of people, such as Dave Kennedy and Debasish Mandal, had already begun to develop. From their research, I learned about really interesting ways to inject shellcode into memory through Python. These methods were the foundation of the rest of my research.
Since the majority of our assessments are against predominantly Windows environments, it was important that the tool worked reliably against these systems. Since I chose to write the tool in Python, I had to figure out how to package the Python output files containing the obfuscated shellcode to execute on Windows without requiring Python to be installed on the target machine. One of the solutions I looked into was using Py2Exe. I knew other software used this method to convert their Python-based scripts or tools into an executable that could run on Windows and figured I could do the same. I began testing Py2Exe with the payload files I developed and was successful running the executables on various versions of Windows, so I stuck with that solution. The final part was for me to develop a tool that automated the payload generation process, and I’m happy to release Veil.
Veil is currently capable of using 7 different methods to make 21 different payloads, all of which result in meterpreter connections. Veil provides the user with the option of using either Pyinstaller or Py2Exe to convert their Python payload into an executable. With Pyinstaller, Veil users can have their file converted into an executable all within Kali, without requiring a second VM/machine. When using Py2Exe, Veil will generate three files, which are required to create the final executable: a payload file (in Python), a file with runtime instructions for Py2Exe, and a batch script which handles converting the payload file into an executable. To generate the final payload, copy the three output files to a Windows host with Python, Py2Exe, and PyCrypto installed and execute the batch script. This will build the final executable that is uploaded to the target. The executable file can be dropped anywhere, on any Windows system, as all required libraries are stored within the exe file. Once dropped on a system and executed, the payload will result in a meterpreter callback that is undetected by AV.
I’ve tested the packaged executable against multiple AV solutions (MSE, Kaspersky, AVG, Symantec, and McAfee), on both test systems and “in the wild,” and have a very high success rate, bypassing detection in almost every circumstance. I hope that, by releasing this tool, I can enable others in the community to provide more effective assessments by allowing them to focus their efforts on security risks and spend less time bypassing ineffective security measures that wouldn’t deter an actual adversary.
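A defender's view of the packaging step described above, as an added example that is not part of the original post or of Veil's code: a triage helper that flags Windows executables carrying a bundled Python runtime, which is what both Pyinstaller and Py2Exe produce. It assumes the 24-byte cookie layout of older PyInstaller releases and py2exe's PYTHONSCRIPT resource name; the sample bytes are constructed, and a hit indicates how a file was packaged, not that it is malicious.

```python
import struct
import sys

# Trailer ("cookie") magic of the archive PyInstaller appends to its bootloader.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Assumed cookie layout (older PyInstaller releases), network byte order:
# magic, archive length, TOC offset, TOC length, Python version tag (27 = 2.7).
COOKIE_FMT = "!8siiii"
# py2exe keeps the frozen script in a PE resource named PYTHONSCRIPT;
# resource names are stored as UTF-16LE strings.
PY2EXE_RESOURCE = "PYTHONSCRIPT".encode("utf-16-le")


def is_pe(data):
    """True if data has an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def pyinstaller_version_tag(data):
    """Return the Python version tag from a plausible PyInstaller cookie, else None."""
    pos = data.rfind(PYINSTALLER_MAGIC)  # the cookie closes the appended archive
    if pos < 0 or pos + struct.calcsize(COOKIE_FMT) > len(data):
        return None
    _, pkg_len, toc_off, toc_len, pyvers = struct.unpack_from(COOKIE_FMT, data, pos)
    # Sanity checks so a stray copy of the magic bytes is not reported as a hit.
    if not 0 < pkg_len <= len(data):
        return None
    if toc_off < 0 or toc_len < 0 or toc_off + toc_len > pkg_len:
        return None
    if not 20 <= pyvers <= 399:
        return None
    return pyvers


def classify(data):
    """Return a list of packaging findings for one file's bytes."""
    findings = []
    if not is_pe(data):
        return findings
    tag = pyinstaller_version_tag(data)
    if tag is not None:
        findings.append("pyinstaller (python tag %d)" % tag)
    if PY2EXE_RESOURCE in data:
        findings.append("py2exe (PYTHONSCRIPT resource)")
    return findings


def fake_pe(body=b""):
    """Constructed sample: a minimal MZ/PE stub followed by `body`."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 64 + body


def fake_pyinstaller_archive(payload=b"A" * 50, pyvers=27):
    """Constructed sample: archive bytes followed by a well-formed cookie."""
    cookie_len = struct.calcsize(COOKIE_FMT)
    cookie = struct.pack(COOKIE_FMT, PYINSTALLER_MAGIC,
                         len(payload) + cookie_len, 0, len(payload), pyvers)
    return payload + cookie


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Scan files named on the command line.
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, classify(fh.read()) or "no Python packer markers")
    else:
        # No arguments: run over the constructed samples.
        samples = {
            "pyinstaller-like": fake_pe(fake_pyinstaller_archive()),
            "py2exe-like": fake_pe(PY2EXE_RESOURCE),
            "plain PE": fake_pe(),
        }
        for name, blob in samples.items():
            print(name, classify(blob))
```
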
Setup:
For Kali:
- Run the setup script (setup.sh) and follow the installation process.
- Once the setup script has completed, delete the setup script.
For Windows (when using Py2Exe):
- Install Python 2.7 – (tested with x86 – http://www.python.org/download/releases/2.7/)
- Install Py2Exe – (http://sourceforge.net/projects/py2exe/files/py2exe/0.6.9/)
- Install PyCrypto – (http://www.voidspace.org.uk/python/modules.shtml)
Instructions for Use:
- Run Veil from Kali and generate your payload.
- If using Pyinstaller, your payload will be converted into an executable and is available for immediate use.
- If using Py2Exe:
  - Move the payload.py along with its two accompanying files onto your Windows machine (that already has Python and the other dependencies from above installed). All three files should be placed in the root of the directory Python was installed to (likely C:\Python27).
  - Run the batch script to convert the Python payload into an executable format.
- Place the payload file on your target machine through any means necessary!
Future Direction:
- Research new methods of encrypting or obfuscating the payload.
- Research other languages with direct access to the Windows API for delivering the payload.
Want to play with Veil? Feel free to do so. Download, clone, do anything you’d like with it. You can download Veil here – https://github.com/Veil-Framework/Veil-Evasion.
I hope that it can help others on their tests just as it has helped me. Please, if anyone has additional functionality they would like to add, I’d love to have input from the community!
References:
Dave Kennedy – http://www.trustedsec.com/files/BSIDESLV_Secret_Pentesting_Techniques.pdf
Debasish Mandal – http://www.debasish.in/2012/04/execute-shellcode-using-python.html
I’ve been using this technique in my custom code for quite some time. One recommendation — create template files, rather than creating it with all the Payloadfile.write().
You could replace the strings in the template files real easy. It also allows for others to easily just modify the template. This will also make your code cleaner and more maintainable, and extensible, as others would be happy to add to it 🙂
All the best!
Thanks, appreciate the recommendations. We’re definitely looking to do both suggestions shortly. After a lot of testing, we were happy with where we are for an initial release, but we do plan on trying to turn this into a usable framework to allow contribution from the community.
I think you spelled your name wrong in the “by”, looks like you may have just dropped an r. Excited to give this a shot and dig your use of the Polished theme!
haha, good catch. That was a fail. Just updated. Thanks for letting me know!
One question. When I choose Pyinstaller, where is the payload saved?
Like @selsroger mentioned below, the payload.exe file will be in the same directory that you launched Veil from.
Er… my payload.exe crashes over and over again, no matter my encode choices: http://i.imgur.com/UIXrvTO.png
Windows XP SP 2 x86
Suggestions?
Could you let me know exactly what you installed for py2exe? We’ve done extensive testing and haven’t encountered any issues yet, but if you could let us know exactly what you installed, we could try to re-create the issue and then determine how to fix it.
@Alexandros Iliopoulos: in the directory from which you have launched Veil. You can see this easily. Launch Veil but don’t choose between 1 & 2, pyInstaller or py2Exe, so it just sits there waiting for input. Payload.py will have been built and be sitting in the cwd (just ls).
Actually Chris, on 64-bit kali, wine isn’t installed. Launching the setup script will get a helper wine64 package ask to setup multiarchs and install the 32-bit wine. After doing this, on my system, Python wasn’t installed under wine. So when using Veil, obviously pyInstaller does not succeed in creating the payload.
So this never works:
    # Else, used pyinstaller (used by default)
    else:
        print
        os.system('wine /root/.wine/drive_c/Python27/python.exe /root/pyinstaller-2.0/pyinstaller.py --noconsole --onefile payload.py')
        os.system('mv dist/payload.exe .')
    …
and later the temp payload.py is cleaned up.
@Alexandros Iliopoulos: unzip Veil.py a second time and launch setup.py again and make sure to install Python under wine (if this was your problem). If not, I hope I at least solved someone’s problem 😉
Yeah, you’re absolutely right. We initially tested on and developed for x86 Kali, but supporting x64 Kali is important to us as well. Looks like you helped to save us some time in supporting this, so thanks! We’ll be adding this capability to the tool shortly.
Hi Chris,
Thanks for the great tool in advance. But the solution above doesn’t work for me either. No payload is generated using pyinstaller.py.
I have changed the supportfiles.py by following the post mentioned here
http://www.infosecisland.com/blogview/23359-Sewing-Patches-in-the-Veil-AV-Evasion-Framework.html
But that also does not work. I have checked the location of my pyinstaller.py file, which is here:
/usr/share/pyinstaller/pyinstaller.py
The payload.py file gets created under the source directory.
Don’t know what I am doing wrong.
I have Kali Linux. If you need more info, I will be glad to help.
Kind Regards,
Bhavin
Hi,
We don’t recommend making that change which is in the article as it can break Veil. You need to give us a little more info to help. What version of Kali are you using? Did you run the setup script?
Please reach out to us on twitter and/or Freenode irc channel #veil and we can give live support.
Thanks
Hi Chris,
Version of Kali is 1.0
Firstly I installed Veil from add/remove software and then it downloaded a lot of supporting software.
Kali did run and had no errors with that at all, except no .exe file was being generated.
Then I downloaded the files from git and ran the setup.sh file. Same results – no .exe file.
Am I missing anything?
Kind Regards,
Bhavin
Hey,
We posted that there is currently an issue with installing Veil via apt. The offsec guys (they’re an awesome team) are currently looking into fixing the veil package. Unfortunately it happens, considering Veil requires a wide variety of dependencies for the payloads that it generates. And unfortunately, if you try installing via apt, it causes issues when installing via git too.
Easiest way would be to go back to a snapshot before you installed veil via apt, and instead install it via git. It’ll work for you then.
Hi,
Is there a tutorial somewhere that I can follow? And you mentioned a snapshot in Kali; how do I go about doing that?
But the link will be great.
Kind Regards,
Bhavin
You would have needed to have taken a snapshot with VMware (or your virtualization software of choice).
There isn’t a tutorial for installing Veil because all you need to do is run the setup script and it handles everything. If you’re having issues, honestly the best bet is to try with a clean system. You are potentially going to have issues when trying to install from git after a failed apt install.
hmm…okay, thanks Chris…
I think the best thing to do is to do a clean install…but first I am trying the git way…let’s see…fingers crossed
Kind Regards,
Bhavin
Yeah, sorry might not have been what you were looking for, but git, as of right now, is the way to install due to a bug in the veil package.
I’m 100% certain if you have a clean Kali and install/setup veil from git, it will work for you.
For completeness’ sake:
dpkg --add-architecture i386 && apt-get update && apt-get install wine-bin:i386
is what should be executed on Kali 64-bit before launching the setup.sh script.
good job.
Thanks, much appreciated
This is absolutely amazing !!!!
man, this is awesome work!
Thanks for the post. I am able to get a meterpreter connection. However, when I try to run a command, I get “unknown command”. I just type “?” at the meterpreter prompt, nothing is returned. Any suggestions? Thanks
What sort of machine are you running it on?
I have tried from a windows 7 machine and kali (both with no firewall). The victim machine is a windows 2003 sp2.
Which wrapper are you using? py2exe or pyinstaller? Can you try both?
I’ve been using py2exe. I will try pyinstaller and let you know what happens
Just tried it with pyinstaller and getting the same results. Getting the meterpreter prompt, but nothing is loaded.
What’s your environment that you are using it in? Also, might be easier to hit myself (@ChrisTruncer), @themightyshiv, or @the_grayhound up on twitter, and provide us a pastebin of everything you’ve been doing.
Just tried this on a winxp machine and everything worked great. Wonder why the win2003 machine is giving me problems. Going to try and get more info about the system.
This is the error that I am getting:
Failed to load extension: No response was received to the core_loadlib request.
Can you check, are you using the latest version of Veil?
I am running the latest version.
Thanks for your help
You should hit all three of us up on twitter. Give us all the tech specs of what you are running on your systems, and pastebin the entire thing so we can see what you’re doing.
@ChrisTruncer
@TheMightyShiv
@the_grayhound
I haven’t tried the tool yet, but just out of curiosity, I would like to ask something.
When someone generates a meterpreter based payload with metasploit into an exe template, then metasploit will put there the 1st stage which will then get the rest of the necessary modules upon connection with the evil machine.
So, does that tool basically try to hide that 1st stage?
Thanks for your time.
Apos
Pretty much. This is kind of a wrapper for meterpreter’s stage 1.
well done, it’s working great so far. any plans to offer x64 msf payloads eventually? also, you mention it works on “almost” all AV products – can you disclose which ones caught it?
just ran it thru virustotal and only 2/47 detected it ….it passed with flying colors as no major AV caught it …:)….btw i used this on a windows 7 machine 64bit :)….some AV called antiy-AVL and TheHacker caught it …hope i helped …:)
Ugh. Best not to upload stuff like this to VT as AV vendors have been known to use VT’s signatures thus making things easier to detect.
Yea… the longer this stays out of VT, longer it’s likely to stay undetected and remain useful.
Read the line: Please, be kind, and don’t submit any payloads to VirusTotal
We can definitely look into adding x64 meterpreter, that wouldn’t be hard to do. We just wanted to start with the x32 bit versions first. We mentioned “almost” all AV products because we just simply haven’t tested EVERY single AV solution out there. Of the ones we’ve tested, it’s bypassed every one of them. However, just due to not having tested all solutions, we just didn’t think it was fair to say we bypass them all.
Well done alex !! IOMG,it is a common rule and everybody knows NOT to upload samples to VT for checking since there’ll be signatures soon in the AV products for your sample !
Chris, firstly congrats, brilliant tool. Could I suggest that perhaps you put an explanation at the top by your comment about not uploading to VT? I think Hugo Sanchez said it quite well so words to that effect.
It would be nice if there was an efficient way to communicate this kind of tool to the community without the risks of the “general masses” getting their hands on it and it shortly being smashed through VT regardless. Maybe there is a need for a reputation-trust based social network type website maintained by the community that is quite well guarded? just a thought 🙂
Thanks for the kind words, appreciate it. As for Virus total, I would have thought that that was common sense, but looks like a disclaimer wouldn’t hurt 🙂
Well isn’t it counter productive not to? I mean are these methods developed for the good or bad?
No, we don’t want to submit them because we would like the payloads to avoid AV.
Ah ok. I thought the idea was to have the Av protect from people using this method to do evil.
There’s a lot of legitimate reasons to release a tool like this. While that is one, it isn’t our goal. Primarily we released this to help pen testers and red teamers during their assessments.
Ok. Well I just think I have a hard time seeing how this industry works.
What exactly? We already know that malicious actors can perform the same task quite easily. Shouldn’t we allow the white hat’s to perform the same capability?
Sorry, but I cannot download setup/requiredfiles.zip because this file is big! Can you help me???
Those are all the files required for setup, so it might be useful to have.
Dear Chris! Can you create a tutorial video where you show how to install and exploit Veil? Please!
can you port Veil to mac (no wine)?
thanks.
We do have a goal to make Veil not rely on any underlying OS, but purely on Python, but as of now it is reliant on Linux. It does work best on Kali, and as of now we recommend using it on Kali.
How can I use Veil to create a payload on an external IP???
When I try to create a payload there’s no option to create a payload for an external IP..
Maybe there’s another method I don’t know..
Your help is much appreciated.. 🙂
Could you elaborate on that? You provide the IP address that the callback goes to, so it can be for any IP.
When I try to create a payload
it says Enter your local IP … That’s what I’m a little bit worried about.
As you said, any IP .. can we put our public IP when it says Enter your local IP??
If yes, then I will try to test it via an external network.
Not on my same network, on the Internet I mean??
I forwarded the port also, and while generating the payload I will put in the port which I forwarded on my modem.
After all this, can I get a meterpreter shell
on an external IP???
Sorry, noob question again
Thanks
Yes, you can use your external IP address, or any IP address.
Sir, 1 major problem, please help me ..
I tried Veil on Ubuntu 13.
It’s all running OK, but when at the end I tried to make the binary .exe
it shows an error
=========================================================================
Veil | [Version]: 1.1.0 | [Updated]: 06.01.2013
=========================================================================
[Error]: Can’t find python.exe in /root/.wine/drive_c/Python27/.
Make sure the python.exe binary exists before using PyInstaller.
root@nomno:~/Desktop/Veil-master/Veil-master#
I know, because Python27 is not there.
But when I try to install through wine in Ubuntu
it gets installed in my home/machinename/.wine/drive_c/Python27
How can I change the script to take Python27 from
another location???
And which script should I change…
Help!! Please 🙁
We just pushed out an update where it should allow for use on non-kali linux. That looks to be your problem
Hello there Chris,
Just dropping by to say thank you and that you did a brilliant job. I appreciate the effort.
Thank you mate 🙂
P.S. I promise never to use it on virustotal lol
James
Haha,
Thanks for both accounts, we all appreciate it.
Maybe a little stupid question, but there are too many files on your GitHub link. How do I get all modules etc.? Because it will take me ages to download all the files. Thanks, and sorry for a noob question. By the seem nice. All the best for upcoming updates.
Hey,
No, there aren’t too many. The reason it is semi-large is because we have all the required setup files included within the git repo. We included them because we’ve tested with those specifically and they are known to be working.
good job
thanks, we appreciate it
Hello Chris, sorry for the bad English!!
The payload crashes when I try to run it; the machines are Windows XP (Italian) x86.
I’ve installed the requirements that you have indicated.
thanks
Hi there, we need a bit more information. Are you running the latest version of Veil on Kali? Have you updated it? How are you generating your payload files?
Might be easy to talk to us on twitter. Look up our accounts:
@ChrisTruncer
@TheMightyShiv
@the_grayhound
Yes, I’m running the latest version of Veil on Windows XP.
I downloaded Veil yesterday from GitHub, so I think I have the latest version.
I’ll create a Twitter account soon.
Thanks.
The readme and this blog post says to run Veil on Kali.
Hi, it works fine when used on my local network but when others open the .exe from a different wifi connection, nothing happens. Any ideas? 🙂
You might need to check into your port forwarding.
Would be great if you could specify hostname for reverse_https instead of just IP address. Other than that, great job!
Good request. We’re working on the error checking logic to make this happen. Thanks for the feedback
I get this error. Do you have any idea about it? Any help would be much appreciated
[Error]: Can’t find python.exe in /root/.wine/drive_c/Python27/.
Make sure the python.exe binary exists before using PyInstaller.
Did you run the setup script? Are you using Kali x86? Do you have python installed within wine?
Thanks a lot for this tool. It works perfectly. Just a little question: has somebody tried to convert the payload.exe, obtained with Veil, with exe2vba of Metasploit to obtain a macro for MS Office? I tried, but sometimes it works and sometimes I receive an error when opening Word. Can somebody help me? Thanks in advance!
We haven’t tested the capability of that. So as of right now, we’d have no idea if that worked or not.
Hi. Just picked up Veil today and been playing with it this afternoon. Excellent job.
I’ve been having a bit of bad luck with some of the resulting *.EXEs — 3 of them got picked up by Norton (Argh!). However, all of the powershell payloads I created, work like a charm!!!
Great job, Christopher. Keep up the good work!
What version of Norton were you going against? What payloads did you use? What was the message that Norton had detected the exes with?
This is how my test went:
1. I used 3 PCs, all of them brand new.
2. They all had a version of “Norton Internet Security” pre-installed.
3. The attacking machine, was a remote VM.
4. The payload was created using “python/DESVirtualAlloc” and compiled with pyinstaller.
5. No additional ‘msfvenom’ parameters were used.
Norton identified the file, as “Metasploit”, correctly identified the destination and port.
It was just a test — I didn’t bother to encode the payload.
I can’t run it on Kali.
It gives me this error:
./Veil.py
bash: ./Veil.py: No existe el fichero o el directorio
You have to be in the folder where you unpacked Veil. Supposing that you installed on your home folder, type:
# cd ~/Veil-master (or whatever you called the dir)
# ./Veil.py
I managed to open it with
‘/root/Veil/Veil.py’
Now it gives me this error:
[?] How would you like to create your payload executable?
1 – Pyinstaller (default)
2 – Py2Exe
[>] Please enter the number of your choice: 1
C:\Python27\python.exe: can’t open file ‘/root/pyinstaller-2.0/pyinstaller.py’: [Errno 2] No such file or directory
mv: no se puede efectuar `stat’ sobre «dist/payload1.exe»: No existe el fichero o el directorio
rm: no se puede borrar «*.spec»: No existe el fichero o el directorio
rm: no se puede borrar «logdict*.*»: No existe el fichero o el directorio
I think I made a great mess : )
This is because you are running it on Windows. Please use Kali
Dear Chris! When I use Py2Exe, Veil creates no file in output/compiled/! Can you help me, please?
Py2Exe requires python and other dependencies installed on windows. Review the Veil readme file, it details exactly what you need. When using py2exe, you move the files from the source folder into your windows machine and convert into an executable there.
I was mistaken! When I use Pyinstaller!!
If you need support, which it sounds like you might, the best place is to talk to the three of us developers on Twitter, or in #veil on Freenode.
When I use Pyinstaller!! Veil creates no file in output/compiled/!
Please contact us on Twitter, or even better, within #veil on freenode.
We can help you there.
I have one question: when I use custom shellcode (all in one line and no quotes) the Veil console flickers up and down for maybe 2 min, and then returns to the beginning…
Is this a bug, or is my shellcode too big?
Sounds like it might be a bug. Can you pastebin us everything you are doing, and send it to us via twitter/e-mail/github? Info is on https://www.veil-evasion.com
I have tried to install on Linux x86 using setup.sh but in the end i receive the following errors:-
./setup.sh: line 55: cd: ../config: No such file or directory
python: can’t open file ‘update.py’: [Errno 2] No such file or directory
Are you using the latest version from github?
Thank you, Christopher.. I got it.
Hello and thank you for the tool. I have tried it a few times, looks great. I really hope you will continue developing it. I am new to Kali and security in general. Is there an option in Veil to merge the generated payload.exe with another custom executable, let’s say an ftp.exe? If not, do you know of any tool in Kali which will give me the option to do so? Thank you.
Thanks for posting this! It looks amazing, but I’m having trouble getting it installed. Google-fu didn’t help me, so I’m posting here. Sorry if it’s a retarded question, but if the boot fits…
I downloaded the setup.sh to kali. I attempted to run it and got:
root@kali:~# sh ./setup.sh
./setup.sh: 5: ./setup.sh: Syntax error: newline unexpected
How to do? :\
Fixed myself- Working great! <3 Thank you so much for posting this.
What was the issue? Does it need a patch?
Is it possible to add msfvenom options such as -x for template name? At one point it says: Enter extra msfvenom options in OPTION=value syntax. If I want to add a custom template, how do I go about this one? Tried a few methods but no luck. I think this one was asked in one of the above posts too.
Yeah, you can add extra options exactly in that OPTION=value section of veil, but the only one that won’t work is the -x. That’s because you’re not cloning an existing template when using Veil, it’s making its own template.
Do you consider this as a future addition to Veil? It will be great if we had the option to inject the new Veil exe into, let’s say, putty so it runs when you open putty.
Veil doesn’t work in that way, it makes its own executable (and by extension, its own template). To use another template, you can just use msfvenom
Hey Chris,
I installed Kali again and downloaded the latest Veil version from git… Errors below after I run it as sudo sh ./setup.sh
./setup.sh: 4: [: root: unexpected operator
./setup.sh: 13: [: 1: unexpected operator
[ERROR]: Either run this setup script as root or install sudo.
Is there anything I am doing wrong?
Kind Regards,
Bhavin
Hi Chris,
Finally got it working: used bash ./setup.sh instead and that did the trick. Although not the first time. Had the error
Can’t find python.exe in /root/.wine/drive_c/Python27/
So followed the post above by Alexandros Iliopoulos to unzip the package again and start the install process…
Went through the python setup and voila…works like a charm.
Thanks for your prompt replies…
Kind Regards,
Bhavin
Hi Christopher,
I created a python style payload (with pyinstaller), but when I run this payload on my machine the program quits after a few seconds…. How can I debug what the problem is?
(I would like to create a reverse meterpreter shell)
My environment: Win7 x64 + SCEP 2012. The AV didn’t alert me….
(I created a crypted payload with the hyperion crypter and that works fine for me…)
So, I don’t know why this doesn’t work for me…
Can you send us a message on twitter, and give us a pastebin of everything you’ve run?
Thanks
Sorry… It was my mistake (the handler was aborted somehow…)
I restarted the handler and the payload works nicely now.
But I have another problem.
I have 2 machines. One laptop is at home and another desktop is in my office.
In my office everything works fine (Python installs in wine, etc.). Everything is very nice.
But on my laptop Python can’t be installed under wine…
I don’t understand what the problem is (and what the difference between the two machines is).
Both computers are running Kali Linux (in VirtualBox).
How can I compare the 2 systems? I don’t know what is different…
(all software versions are the same: wine, python.msi, veil, etc.)
What should I do? Please help me.
(After I tried to install Python 2.7 in wine, python.exe doesn’t exist in the .wine/drive_c/Python dir… the installation was unsuccessful.)
ps: The Veil is Excellent. Great work man!
For the one with issues, how did you install wine? Did you do it from apt or from cloning the git repo? I just need a little bit more info to be able to help you troubleshoot this?
Hi!
Problem solved 🙂
I installed wine with apt-get install.
(version of wine is 1.4.1)
The solution:
extract python-2.7.5.msi (with uniextractor) in Windows
copy -r all of the Python files to .wine/drive_c/Python27
then add to the registry:
pico pyreg.reg:
[HKEY_CURRENT_USER\Software\Python\Pythoncore\2.7]
[HKEY_CURRENT_USER\Software\Python\Pythoncore\2.7\InstallPath]
@="C:\\python27"
[HKEY_CURRENT_USER\Software\Python\Pythoncore\2.7\PythonPath]
@="C:\\python27;C:\\python27\\Lib\\;C:\\python27\\DLLs\\"
wine regedit pyreg.reg
then install all of the components in wine (pywin32, py2exe, pycrypto)
then everything works :) (I used the Pyinstaller method in Veil)
This method is a workaround for the “err:msi:ACTION_InstallFiles Failed to extract cabinet: blablabla” error
Awesome, thanks for posting a solution in case anyone else has that same problem!
Hello sir, I have used your program and it is very nice, but when I create the .exe file and send it to the target computer on which Kaspersky Internet Security is installed, it detects the infected .exe file.
Please help me out to hide the file from antivirus and get access to the target computer.
I did AES encrypted.
I believe Kaspersky may be catching it sometimes based off of heuristics. Currently, Veil-Evasion is designed to evade disk based detection. One thing you could try is a powershell based payload, or signing the payload. Also, you could try to modify the source code, and re-wrap it into an executable and try to evade it. If you create something that does it, you should certainly let us know or submit a pull request for a new payload, we’d love to see it.
Hi! I have created a payload with Veil, it’s really great. I just have 1 problem: I am not very happy with its file size, it’s about 3 MB or 3.1 MB. Is there any solution to reduce the file size of the payload??
I will be very grateful to you.
Just use a different payload.
Anything you would suggest?
I am using meterpreter reverse tcp
Hello guys,
Every time I want to build my backdoor, I have these errors:
http://pastebin.com/YMGUiDVc (I don’t want to paste all the errors, I don’t know if the rules allow us to paste code lines.)
I didn’t take care of these errors, because at the end I have this result:
[*] Your payload files have been generated, don’t get caught!
[!] And don’t submit samples to any online scanner! 😉
So I told myself, no matter, now, let’s try to corrupt my second computer which is connected to another network and … nope, it’s not working. It’s loading a few seconds, then nothing. I launched the handler with the same LHOST, LPORT, and it’s still not working …
Requesting help, thank you in advance, and sorry for my bad English. :l
That’s normal output. Go to veil’s website (https://www.veil-evasion.com) and there’s a guides/videos section. It shows what generating a payload should look like.
Well, OK, I remember that during the setup I had this kind of “errors”. Is that the normal output too?
http://pastebin.com/tPdXEZXB
There is a little bit of french, sorry and thank you for the fast answer
I can’t speak with 100% certainty due to having only tested on an english system, but it does also look like the same output when installing on an English system. So I believe it is normal.
If you are running into issues, it might be easiest to hop into #veil on Freenode where someone can help pretty quickly.
Do you have a link for Freenode ?
And last question, the question is about LHOST, we have to write the internal or external IP, I do believe it’s internal IP, isn’t it ?
Google how to connect to IRC freenode, then join our room. LHOST can be either, it depends on your environment, so you will have to figure that out.
Hello! I want to ask about Veil 2.0.5 … how to set up the-backdoor-factory-master??
I use Kali Linux…
It hasn’t been updated in Kali yet, we have an open ticket for it to be updated. In the meantime, you can clone our github repo to get it.
Hi Chris,
Do I really need an 86 to get your system running?
What?
Also, if you have Veil questions, please ask on the forum – https://www.veil-evasion.com/forums
Hi Chris, first of all let me thank you and congratulate you for such an amazing tool. I just have one question, is there a way to use veil to encode other metasploit modules, such as bypassuac? Best Regards
Thanks for the kind words. That’s a really good question, as of now we don’t have a way to do that, but that’s a really good idea. Worth looking into.
Does each payload come out different? Meaning, if I or someone did upload to VirusTotal and it discovers a trojan, does that make that single executable tainted, or does it ruin future generated payloads?
I have installed veil on kali linux. when i try to use it I face this error in its working process:
[!] ERROR: Can’t find python.exe in /root/.wine/drive_c/Python27/ [!] ERROR: Make sure the python.exe binary exists before using PyInstaller.
Please resolve it
Hey, did you have any solution for the
error importing pip when installing Veil?