Tuesday, February 27, 2018

Veil Framework (II): Evasion (no encryption / no encoding)

ANTIVIRUS EVASION / Veil Framework (II): Evasion (no encryption / no encoding)

- Layout for this exercise:

- The goal of this exercise is to check the rate of Anti Virus evasion success using the Veil Framework with Evasion.

- The success rate will be good, though in this simple exercise we aren't using encryption or encoding for the generated payload.

- On next exercises the success rate will be improved because encryption and encoding will be used.

1 - Generating a payload with Veil-Evasion

- Launching the program:

- Listing the available tools:

- Using Evasion:

- Listing Evasion payloads:

- Taking the number 7) payload, a meterpreter reversion shellcode:

- Setting Kali Linux as LHOST:

- Generating the payload:

- Giving a name test1.exe:

- The Veil files are created and stored in these folders:

2 - Launching the attack

- The generated executable test1.exe is here:

- Setting up a simple web server:

- Transferring the file to the victim Windows 10:

- The reference file test1.rc is here:

A handler session is created, launching Mestasploit taking test1.rc as a reference 

- Running test1.exe at Windows 10:

- The attack is successful and a Meterpreter session is achieved:

3 - Checking the Anti Virus evasion rate

- Checking test1.exe against Virus Total a rate of 59% evasion success is achieved:

- Checking test1.exe against No Distribute a rate of 56.7% evasion success is achieved: