Veil - Bypass Anti-virus Software Payload Generator - China Cold Dragon

Source: Internet
Author: User

Note: Please don't do bad things, and don't submit any payload to VirusTotal.

In almost every assessment, penetration testers must contend with anti-virus software. How hard that struggle is depends on the anti-virus solution and its definitions. Over the past six months I have been working on how to bypass anti-virus software, and two months ago I carefully reviewed my recent research to make it more useful. Here are some of the goals I set:

• Bypass antivirus software that can be encountered in most network environments

• Extended in later versions with Metasploit-compatible payload

• Randomize each payload file as much as possible

After setting these goals, I continued to explore ways to bypass anti-virus software. Because I mainly wanted to stay compatible with Metasploit, I used shellcode generated by Metasploit, especially by msfvenom. To do this, I started looking at other people's research and found some interesting techniques developed by people such as Dave Kennedy and Debasish Mandal. Their findings showed an interesting way to inject shellcode into memory through Python, and these methods became the basis for the next stage of the work.

Because most of our assessments are in Windows environments, this tool needs to work reliably under Windows. Since the tool is written in Python, I had to figure out how to package a Python output file containing obfuscated shellcode so that Python is not required on the target machine. One way is to use Py2exe; some other software uses this method to turn Python scripts into executable programs on Windows, and so did I. I tested Py2exe with the payloads I wrote, and they eventually ran successfully on different versions of Windows, so I settled on this approach. The final step was to develop an automated payload generation program, which I am pleased to be able to publish as Veil.

Veil currently supports generating 21 different payloads by 7 different methods, each tied to specific commands. Veil gives users two different ways to convert a Python payload into an executable: Pyinstaller and Py2exe. With Pyinstaller, Veil users can turn their files into executable programs directly on Kali without needing a virtual machine. With Py2exe, Veil generates three files that are used to produce the final executable program: a payload file (written in Python), a py2exe command file required when it is run, and a batch script for converting the payload into an executable program. To generate the final payload, copy the three files to a Windows host that has Python, Py2exe, and Pycrypto installed, and run the batch script. This produces the executable program that will eventually be uploaded to the target machine. The executable can be placed on any Windows system, since the required libraries are already bundled into it. Once placed on a system and executed, the payload produces a Meterpreter session that is not detected by the anti-virus software.

The program has been tested against many anti-virus products (MSE, Kaspersky, AVG, Symantec, and McAfee) with very high success rates, bypassing almost all of their detections. I hope that by releasing this software, more people will be able to focus on real security risks and spend less time bypassing ineffective security measures that do not stop real attackers.

Installation method:

Install on Kali:

    1. Run the installation script (setup.sh) and follow the installation steps to continue
    2. After the installation script is complete, delete the installation script

Install on Windows (using Py2exe):

    1. Install Python 2.7 (tested under 32-bit systems – http://www.python.org/download/releases/2.7/)
    2. Install py2exe (http://sourceforge.net/projects/py2exe/files/py2exe/0.6.9/)
    3. Install pycrypto (http://www.voidspace.org.uk/python/modules.shtml)

Instructions for use:

    1. Run Veil on Kali and generate a payload.
    2. If you are using Pyinstaller, the payload is turned into an executable program that can be used directly.
    3. If you are using Py2exe, put payload.py and the two related files (the three files mentioned above) on a Windows system with Python and the other software listed above installed. These three files should be placed in the root directory of the Python installation (for example: c:\python27). Then execute the batch script to convert the Python payload into an executable program.
    4. Put the payload on the target machine.

Future directions:

Research new ways to encrypt or obfuscate payloads

Study converting payloads into languages that can directly invoke the Windows API

Do you want to use Veil? You can, any time. Download it, copy it, and do whatever you want with it. You can download Veil here: Https://github.com/ChrisTruncer/Veil.

I hope it helps others as much as it has helped me. Let me know if you would like a new feature added.

To learn how to use Veil and other red team techniques effectively, take a look at our training courses at Black Hat USA 2013:

Https://www.blackhat.com/us-13/training/adaptive-red-team-tactics.html

and our penetration testing course: http://www.blackhat.com/us-13/training/adaptive-penetration-testing.html

References:

Dave Kennedy - http://www.trustedsec.com/files/bsideslv_secret_pentesting_techniques.pdf

Debasish Mandal - http://www.debasish.in/2012/04/execute-shellcode-using-python.html

Source: https://www.christophertruncer.com/veil-a-payload-generator-to-bypass-antivirus/
