Bypass Anti-virus using Veil Framework

PythonServer Side ProgrammingProgrammingVirus

This article is intended to demonstrate, how to bypass the anti-virus detection using the Veil framework, as it is a collection of tools designed for use during penetration testing. It currently consists of the following modules −

  • Veil-Evasion − a tool to generate antivirus-evading payloads using a variety of techniques and languages
  • Veil-Catapult − a psexec-style payload delivery system that integrates Veil-Evasion
  • Veil-PowerView − a powershell tool to gain network situational awareness on Windows domains
  • Veil-Pillage − a modular post-exploitation framework that integrates Veil-Evasion

Requirements

To install the Veil- Framework, you are supposed to configure the latest Python packages into your machine.

How to Install

The important point to remember is that the installation must be done with superuser privileges. If you are not using the root account (as default with Kali Linux), prepend commands with sudo or change to the root user before beginning. The Veil-Framework is a fantastic tool for avoiding payload detection by the anti-virus software. To install it, you first need to download it from Github and perform the following commands.

git clone https://github.com/Veil-Framework/Veil.git cd Veil/
./config/setup.sh --force --silent

Generate Payload

Step - 1

Now, select the operation Evasion from the list as following to generate the payload;

Step - 2

To list all the available payloads, select the list option as usual which will display all the available payloads as following −

Step - 3

Now, select your payload using the use command as following; −

Step - 4

Finally, after selecting the payload, select the py2exe option and hit the generate command to generate the desired FUD payload as following;

Here, in the aforesaid image, you can easily see that the runme.bat fully undetectable virus (payload) is generated and stored in the /usr/share.veil-output/source directory.

raja
Published on 20-Apr-2020 09:33:20
Advertisements