Tuesday, February 27, 2018

Veil Framework (III): Evasion -> AES (encryption) -> Msfvenom

- Layout for this exercise:

- The goal of this exercise is to achieve a reasonably good rate of antivirus evasion using the Veil Framework's Evasion tool with an AES-encrypted payload and Msfvenom.


1 - Veil-Evasion with AES and Msfvenom

- Launching the program:

- Listing the available tools:

- Using Evasion:

- Listing Evasion payloads:

- Let's take payload number 29, a Python injector that uses AES encryption:

- Generating the payload:

- Using MSFVenom:

- Entering the name test2.exe:

- Using PyInstaller:

- The Veil files are created and stored in these folders:

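The test2.exe built above is a Python stager compiled with PyInstaller, and that build step leaves a fixed artifact in the executable that a defender triaging such a file can look for. Below is an added Python example (not code from the original post or from the Veil project) that parses the archive "cookie" PyInstaller appends to the end of the executable and reports the Python version and library name recorded in it. It assumes the cookie layout used by PyInstaller 2.1 and later (magic, package length, TOC offset, TOC length, Python version, 64-byte library name); the sample bytes it inspects are constructed inside the script rather than taken from a real file.

```python
# Added example (not from the original post or the Veil project): static triage
# of an executable built with PyInstaller, the way test2.exe was.
# PyInstaller appends an archive to a bootloader stub and terminates it with a
# fixed-size cookie (layout as in PyInstaller 2.1+, assumption stated in the lead-in):
#   magic (8 bytes)  = b"MEI\014\013\012\013\016"
#   len     (uint32) = total length of the appended package
#   toc     (uint32) = offset of the table of contents inside the package
#   toclen  (int32)  = length of the table of contents
#   pyvers  (int32)  = Python version, e.g. 27 or 36
#   pylib   (64 bytes, NUL padded) = name of the Python shared library
import struct
from typing import Dict, Optional

PYINSTALLER_MAGIC = b"MEI\014\013\012\013\016"
COOKIE_FORMAT = "!8sIIii64s"   # network byte order, 88 bytes in total
COOKIE_SIZE = struct.calcsize(COOKIE_FORMAT)


def find_pyinstaller_cookie(data: bytes) -> Optional[Dict[str, object]]:
    """Return the parsed cookie fields if `data` carries a PyInstaller archive, else None.

    rfind is used on purpose: the bootloader stub may itself contain the magic
    string, but the cookie that matters is the last occurrence in the file.
    """
    pos = data.rfind(PYINSTALLER_MAGIC)
    if pos == -1 or pos + COOKIE_SIZE > len(data):
        return None
    magic, pkg_len, toc_off, toc_len, pyvers, pylib = struct.unpack(
        COOKIE_FORMAT, data[pos:pos + COOKIE_SIZE]
    )
    return {
        "package_length": pkg_len,
        "toc_offset": toc_off,
        "toc_length": toc_len,
        "python_version": pyvers,
        "python_lib": pylib.rstrip(b"\0").decode("ascii", "replace"),
    }


def triage(data: bytes) -> str:
    """One-line verdict a responder can paste into a ticket."""
    info = find_pyinstaller_cookie(data)
    if info is None:
        return "no PyInstaller archive found"
    return (f"PyInstaller archive: python {info['python_version']}, "
            f"lib {info['python_lib']}, {info['package_length']} bytes")


def build_sample(pyvers: int = 27, pylib: bytes = b"python27.dll") -> bytes:
    """Construct a fake 'executable' for the demo: a dummy stub, a dummy package
    body and a well-formed cookie. The stub and package bytes are filler
    (constructed sample data), not a real PE file or a real archive."""
    stub = b"MZ" + b"\0" * 62           # constructed placeholder for the bootloader stub
    package = b"PACKAGE-BYTES-" * 4      # constructed placeholder for the archive body
    cookie = struct.pack(COOKIE_FORMAT, PYINSTALLER_MAGIC,
                         len(package) + COOKIE_SIZE, 0, len(package), pyvers,
                         pylib.ljust(64, b"\0"))
    return stub + package + cookie


if __name__ == "__main__":
    print(triage(build_sample()))            # constructed PyInstaller-style sample
    print(triage(b"MZ" + b"\0" * 100))        # constructed plain stub, no archive
```

To run it against a real file, read the file in binary mode and pass the bytes to `triage`. The presence of the cookie only says "built with PyInstaller", which is also true of many legitimate tools, so the check is a triage signal to combine with the source of the file and what it connects to, not a verdict on its own.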

2 - Setting up a Metasploit handler session on Kali Linux

- Using the newly created test2.rc as a resource (.rc) file, msfconsole opens a handler session:


3 - Running the .exe file on the Windows 10 victim

- Establishing a simple web server on Kali Linux:

- Accessing test2.exe and downloading it to Windows 10:

- Running test2.exe:

- A successful Meterpreter session is created:


4 - Checking the antivirus evasion rate

- Checking test2.exe against VirusTotal, an evasion success rate of 60.3% is achieved:


- Checking test2.exe against NoDistribute, an evasion success rate of 67.5% is achieved:


- Clearly, the use of encryption to generate the payload improves the antivirus evasion success rate.


Veil Framework (II): Evasion (no encryption / no encoding)

- Layout for this exercise:

- The goal of this exercise is to check the antivirus evasion success rate using the Veil Framework's Evasion tool.

- The success rate will be good, even though in this simple exercise no encryption or encoding is applied to the generated payload.

- In the next exercises the success rate will be improved by using encryption and encoding.


1 - Generating a payload with Veil-Evasion

- Launching the program:

- Listing the available tools:

- Using Evasion:

- Listing Evasion payloads:

- Taking payload number 7, a Meterpreter reverse shellcode:


- Setting Kali Linux as LHOST:


- Generating the payload:

- Giving it the name test1.exe:

- The Veil files are created and stored in these folders:


2 - Launching the attack

- The generated executable test1.exe is here:

- Setting up a simple web server:

- Transferring the file to the Windows 10 victim:


- The resource file test1.rc is here:

- A handler session is created by launching Metasploit with test1.rc as the resource file:


- Running test1.exe on Windows 10:


- The attack is successful and a Meterpreter session is achieved:


3 - Checking the antivirus evasion rate

- Checking test1.exe against VirusTotal, an evasion success rate of 59% is achieved:


- Checking test1.exe against NoDistribute, an evasion success rate of 56.7% is achieved:


Veil Framework (I): Installation and Setup

- Layout for this exercise:

1 - Introduction to Veil Framework

- The Veil Framework is a collection of security tools that implement various attack methods focused on evading antivirus detection.

https://www.veil-framework.com/framework/

https://github.com/Veil-Framework

- The most recent version at this moment (Veil 3.1.4) is composed of these tools:

a) Evasion generates payload executables that bypass common antivirus solutions.

b) Ordnance quickly generates Metasploit stager shellcode.


2 - Installing Veil Framework

- In this exercise we are using a Kali Linux distribution.

- In case git is not installed:

- From the Veil GitHub page, copying the repository URL to the clipboard:


- Cloning:

- A new directory Veil is created:

- Setting up the framework:

3 - Browsing Veil Framework options

- Launching the program:

- Veil provides several commands. For instance, the command list displays the two available tools, Evasion and Ordnance:


4 - Evasion

- Choosing Evasion:


- Listing the 41 Evasion payloads:

5 - Ordnance

- Choosing Ordnance:


- Listing Ordnance payloads:


- Listing the Ordnance encoder (XOR):