Bypass Antiviruses with Veil Framework
During a pentest, the target machine(s) may be protected by antivirus software. You have to get past that software before you can open a shell. The tool for this job lives under the Veil roof and is called Veil-Evasion. Tools like this evade antivirus products by applying different encoding methods to the payload.
As you can see above, there are payloads available to build in C, C#, Go, Python, Ruby and PowerShell. We'll choose the 24th payload. Just like in Metasploit, you can either type "use Payload_Name" or just type the number of the payload.
We chose the payload. Now we enter the IP address and port using the "set" command.
After we enter the IP address and port, we can get more information about the payload by typing the "info" command.
After we fill in the required options, we create the malware by typing the "generate" command.
On the screen you see, it asks us for the name of the output file. The default name is "payload".
The malware is placed under the "/usr/share/veil-output/source/" directory, and it comes with a Metasploit (msf) handler script to make our job easier. The msf script is under the "/usr/share/veil-output/handlers/" directory.
To use it:
Time to test it!
When we send the malware to the target, a security scan starts, as you can see.
(The text at the bottom of the window is in Turkish. It says "running security scan".)
But it can't detect the malware. Hooray 😀
(The text at the bottom of the window says "kotuyumbenkotuyum.bat has been downloaded successfully.")
When we run the malware, it connects right away.
And we’re in!
What comes after this is limited only by your imagination. The next step is escalating your privileges on the target device 😉