Veil-Evasion - How To Generate Undetectable Payloads - Antivirus Bypass

[Music]
hey guys hack is Floyd here back again
with another video and in this video
we're gonna be looking at how to evade
or bypass antivirus softwares using veil
evasion now again this is was a highly
requested video and a lot of you guys
had asked me to do it you know even
stretching as far as last year and
finally it's come to to my attention
right now because it is the current
video on the list that being said let's
get started so why is this so important
for a penetration tester well
essentially what happens is you you
create an exploit or a payload and when
it's time to send it to the target via
whatever means whether using social
engineering or you're able to send to
send the payload to the target using an
email or whatever means you use the
antivirus software ends up detecting the
payload and your attack fails so again
it is very important to understand how
antivirus softwares work and how to
evade them now that being said there
isn't a way of going about it that will
give you a hundred percent evasion you
might reach 98 to 99 percent if you're
lucky and we'll be talking about this
because I am going to make a series on
this because it is quite a complicated
topic and there are many ways of going
about it
so what we're gonna be looking at is how
to do to evade some of the most popular
antivirus softwares most specifically
the Windows Defender antivirus software
because that is the one that people
usually have installed now I know many
other people have third-party antivirus
softwares like a virus you know
Kaspersky etc etc but we're gonna be
focusing on on antivirus softwares that
are signature based all right so
essentially what signature based
antivirus softwares do is they look for
strings and obviously they have it they
have a database of these strings that
they can pull from and therefore
identify any of these strings in a
program or an executable file which in
most case in most cases is how the
payload is set up in it could be in a
Java file or a Java file but in most
cases when you're sending a payload it's
in an exe file now this method can also
work for a remote access tool but we're
not gonna be focusing on that right now
and I said as I've mentioned previously
you can use different methods which
we'll be looking at after this to
further your your evasion your evasion
protocol or your evasion your evasion
percentage now when I talk about this
I'm talking about file splitting and
hexadecimal editing because you can go
into these executable files split them
up and then edit their split them up and
then edit the edit them with a
hexadecimal editor and get rid of those
strings
therefore in decreasing the chance of
the antivirus software detecting the
payload of the executable file that is
obviously trying to harm that computer
that being said I can I am running a
Windows 7 virtual machine here this is
going to be our target virtual machine
and obviously my host operating system
is Kali Linux now to get veil evasion
installed it doesn't come pre-installed
with Kali Linux you need to just use the
aptitude package manager which can be
done by apt-get install a veil evasion
or veil I'm not quite sure whether it's
veil or veil evasion but any of those
will will start downloading it for you
it isn't a big file at all once it's
done you essentially after it's done you
really you want to start configuring it
so you would go into the directory which
is the user share user share library and
then the veil evasion folder if you want
me to make a separate video not to
install it I will do so because it is
quite a lengthy install because you also
have to install dependencies like Python
Python to win to Windows and Ruby
alright these are all important
prerequisites and and files that you
will need to convert the Python or the
Ruby payloads into an executable file
all right so to get a veil evasion
started it's really very simple by the
way after you've installed veil evasion
what you need to do is you need to
restart your computer because if you
start it directly after installing it it
does come with a few errors and you
might get a little bit worried but don't
worry just restart your computer and
start veil evasion again so you
started with veil as you can see and now
it's going to tell you that you have two
tools loaded you have veil evasion and
ordinance we want to use veil evasion so
the the syntax is quite simple it is
used and we're going to select option
one because we want to use veil evasion
so there we are we're gonna say use one
and now it's gonna give us the value
vision menu and it's going to say we
have 41 payloads loaded so we want to
list the payloads or the available
payloads so I'm gonna say list
sorry list and it's gonna display all
the payloads we have now this is very
interesting because these are the
pillars that you can use and will be
converted now if you remember in one of
my earlier videos when we are talking
about Python programming I created
hacking tools we discussed a little bit
on low-level low-lying level languages
such as C++ Ruby and Python isn't one of
them for example you can see that we
have a go
this is goal-line google's programming
language which is also very low-lying
which means it's very close to a machine
language now these programming languages
are very hard to detect or very tricky
for antivirus softwares to detect
because there are very low line level
languages now by default a Python a
Python payload like this reverse TCP
meterpreter which is what we're going to
be using right now and I'll show you
will evade Windows Defender but it will
not evade antivirus softwares like Avira
Kaspersky because it's a Python is is a
very very high level language which
means it's interacting with the software
more which means again it's very easy to
to be triggered or to to be detected by
the antivirus software now we'll also be
looking at how to use Ruby which is much
more less detectable than Python but
again will be also focusing on the other
ones at the other payloads options that
we can use here like the injection at
the injection the shell code injection
which we'll talk about in a few seconds
but for now let's start off with a
reverse meterpreter session reverse TCP
which is Python yes we're going to
select use 28 use option 28 all right
and now it's going to ask you to enter
your listening your alehouse
and you want to remember your help or
you can change it to whatever you want
that's if you're using port forwarding
we want to select our lost so this is
essentially your host operating system
IP address the so that you can just
perform a quick i F config like so I've
config and get it - 192 upon 168 point
one point 105 excellent so we're gonna
set our ello so the syntax is quite
similar to that of Metasploit so L host
and 192 point one sixty eight point one
point 105 and I'm gonna hit enter
alright now we've set the host all we
can do now is we can hit generate
alright when when we hit generate it's
gonna generate the payload for us so I'm
just gonna generate now make sure you
have all the dependencies installed in
forms of Python the Python to exe or
Python to win as it's called and I'm
gonna enter and it's going to ask you to
select a base name for your output file
so this it comes in place when you're
talking about social engineering so we
can say for example something like
Python Python set up Python set up we
can say x86 you know just to make it
believable x86 and which is can aid
enter and now we want to use PI
installer you can also use Python to exe
if you want to but I prefer PI installer
it's much more convenient I'm gonna hit
one alright and now it's gonna prompt
you or it's gonna start generating the
exe file so give it a few seconds here
and once you've selected your choice
again if you have installed all the
dependencies it should start it up and
there we are it's going to start the the
process of converting the Python PI
payload into a into an executable file
alright so give it a few seconds to
generate it and once it's done it's
going to display the it's gonna start
it's gonna display the output folder so
as you can see here it's given us the
payload module which is Python
interpreter verse TCP and the executable
is written to Varla the var library Vale
folder and output compiled Python setup
block exe so we're gonna enter to
continue alright now what we need to do
now is we need to actually browse to
that directory now
I have the directory open so it's var
library Vail output compiled and here it
is the Python setup 8 32-bit or Exe and
now we need to copy it over to my
Windows operating system here and to do
that I'm just gonna plug in my flash
drive just give me a few seconds guys so
I'm just gonna plug it in here now what
I need to do now is I need to go into my
virtual machine and go into my removable
devices and silicon there we are
disconnected so whoops let me just go
back a directory let me copy this and
I'm gonna put it on my flash drive so
there we are I'm just gonna paste it in
there so this would be also another
attack vector where you give someone a
flash drive and you tell them there's a
Python set up there and in most cases it
might work but again this is not a video
focused on social engineering so I'm
just gonna eject it and then we're gonna
go into VM and we just want to make sure
it is ejected so we're just going to hit
disconnect and now we need to go into
windows and we need to go back into vm
removable devices and we want to go to
silicon and connect and there we are
we're gonna - ok and for some reason my
muscle is lags when I change my
removable devices there we are
so it should have connected the USB
flash drive now let me just check that
apologies for my virtual machine being
so slow so there we are
no I do not want to continue scanning it
I'm gonna open the folder and files and
what I want to do now is whoops for some
reason I minimize that and my virtual
machine is really lagging out man that's
that's a pity sorry about this guys if
it is lagging out my sincere apologies
so there we are that's the file that
we've been looking for
it is the Python setup and as you can
see does look legit so if we copy it
into our desktop you can see that
Windows Defender is not gonna detect
anything and now we want to sect we want
to set a reverse handler here so we're
gonna use Metasploit now so we're just
gonna open up another terminal here
because we want to perform the listening
so new window because that is a reverse
TCP meterpreter session so I'm gonna MSF
console and there we are even 8m MSF
console and by the way after you've
generated the payload with veil evasion
you
perform an online scan for anti viruses
and what I've found with the Python
version is half of the anti viruses will
not detect it now again this is focused
more on the windows defender side of
things and this will probably evade will
evade Windows Defender
I would say 98% of the time when I say
98% I'm giving the other 2% in to the
fact that windows may patch this however
you can always use low lying level
languages like Ruby golang or C++ but it
is really complicated to generate a
payload with C++ and I'll explain in
that in a later video as I still have to
continue my my Python programming
tutorials and I'm also going to start
the C++ keylogger tutorials all right
awesome so now we want to use the
exploit exploit sorry exploit multi
handler oops
exploit multi handler oops
multi handler and now we want to say use
use Python Python meteor crator reverse
Python meterpreter reverse DCP is it an
exploit yeah there we are that's the one
Python weather Puteri verse tcp and now
if we show the we want to select select
payload oops
actually we worried we want to select
the payload so sorry
we just need to exit I'm not actually
using this exploit so I my self-control
sorry about that guys got a little
confused there got a little bit carried
away so as I was saying this would
probably evade Windows 7 Windows 8 8.1
and also tend the earlier versions I'm
not sure where they will evade Windows
10 but we will probably look at that in
the future but many of you guys have
been asking for this how to use the
elevation and if you want the
installation video just let me know in
the comment section and I'll be I'll
make it because the truth is it is quite
complicated to get it set up but if you
have managed to do it then you're pretty
much good to go alright so let's start
at the Metasploit framework here for
some reason my virtual machines are
really really lagging right now so again
use exploit oops exploit Multi multi
handler select payload select payload
and we're gonna say here the Python met
fritter reverse TCP and I'm gonna and
oops use payload sorry about that I'm
really getting confused today use
payload there we are and once it uses
the payload once we have selected the
payload we then need to just set the L
host which is our current IP address the
host IP address fail to load module
oops sorry use payload hold on about
this set payload sorry about that guys
my apologies I've got a little bit
confused with veil evasion and this
because the commands are slightly
different now busy been using the
command line but that's not no excuse so
set the payload now we need to set set
we L host oops l host and there lost is
one eighty two point one sixty point one
point four 105 so this is your host
operating system or Kali Linux or IP
address so I'm going to enter and have
set the l host and now it is gonna hit
which is going to run alright and it
started the reverse TCP Handler and now
what we need to do is we need to run
this application so who's gonna run it
and will probably tell us that it
stopped working for some reason my
windows has crashed here for some reason
oh there we are
the launch give it administrative
privileges and there you are
metallization open and windows was not
able to detect anything or and the
program was able to evade Windows
Defender so you can see it definitely
works and you can go ahead and and use
the meterpreter session if you want to
now when we're talking about the other
ways of using a veil evasion and I'm
probably just gonna end the video here
because I want to cover file splitting
and hexadecimal editing in the next
video which will come shortly after this
one but if you want to use veil evasion
what I would recommend is to go through
the
other options that it does provide you
with and you might be asking what what
am I talking about well I'm talking
about the the payloads that you can use
so if I go back to the list here you can
see that I have the Ruby meterpreter
here which sorry about that if you can
hear a dog barking in the background I
apologize for that what I would
recommend is to use the option 39 which
will generate it in Ruby and then
finally you can you can then use you can
use Metasploit again to perform the
reverse meterpreter to give you the to
to handle there the reverse connection
all right that being said you can
perform different scans on these on the
repel loads all the executable files
that you generate but you can see that
with very version it is all dependent on
payloads now in the next set of videos
in this series we were talking about
virus antivirus evasion I'm going to be
talking about file splitting which
really works you know to your surprise
you don't need to change anything about
the file you've split the files and then
you edit these strings with the
hexadecimal editor but it is quite
complicated and I'll show you how to
perform the calculations because is
there is and are a lot of are thematic
calculations involved scientific
automatic calculations that being said
that's gonna be it for this video guys
the AC 7 video is scheduled to be out
tonight latest tomorrow morning but it
should be out on the website so just
stay tuned for that I will be posting
updates on Twitter as to when it will be
uploaded that being said guys if you
found value in this video please leave a
like down below if you have any
questions or suggestions let me know in
the comments section or on my social
networks and I'll be seeing you in the
next video peace guys
you
[Music]
[Applause]
[Music]