AdSense

Tuesday, February 27, 2018

Veil Framework (III): Evasion -> AES (encryption) -> Msfvenom


ANTIVIRUS EVASION /Veil Framework (III): Evasion -> AES (encryption) -> Msfvenom

- Layout for this exercise:




- The goal of this exercise is to achieve a reasonable good rate of Anti Virus evasion using the Veil Framework with Evasion, AES (encryption) and Msfvenom


1 - Veil-Evasion with AES and Msfvenom

- Launching the program:




- Listing the available tools:




- Using Evasion:




- Listing Evasion payloads:




- Let's take the payload number 29, what injects an AES Python script:









- Generating the payload:




- Using MSFVenom:



- Entering a name test2.exe:



- Using Pyinstaller:



- The Veil files are created and stored in these folders:




2 - Setting up a Metasploit handler session on Kali Linux

- Using the newly created test2.rc as a reference file, Msfconsole opens a handler session:










3 - Running the .exe file on the victim Windows 10

- Establishing a simple web server on Kali Linux:




- Accesing test2.exe and downloading it to Windows 10:




- Running test2.exe:




- A successful Meterpreter session is created:






4 - Checking the Anti Virus evasion rate

- Checking test2.exe against Virus total, a rate of  60.3% evasion success is achieved:






- Checking test2.exe against No Distribute, a rate of  67.5% evasion success is achieved:






- Clearly, the use of encryption to generate the payload improves the success rate of Anti Virus evasion.