2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
This article explains in detail how the Veil Framework in Kali Linux bypasses antivirus software. I hope you will have a working understanding of the topic after reading it.
Bypassing antivirus products has always been a "headache" in the process of penetration testing. Today, we will show you how to bypass most of the free antivirus products on the market.
Because many novice users like to use lightweight antivirus products like AVAST or AVG that do not take up too many system resources, our experimental environment uses free AVAST antivirus software and runs on Windows 10.
Testing tools
1. Kali
2. Veil framework
3. Windows 10
4. AVAST
The Veil framework is an old antivirus bypass tool that generates almost undetectable payloads. Veil can be installed and run from a command line terminal:
# apt-get -y install git
# git clone https://github.com/Veil-Framework/Veil-Evasion.git
# cd Veil-Evasion/
# cd setup
# setup.sh -c
For more information, please refer to the project's GitHub home page: [portal]
Step one
Open a command line window on the Kali host, change to the Veil framework directory, and type:
# python veil-evasion.py
Step two
Use the list command to check the payloads that the Veil framework provides.
Step three
Select payload number 37, "python/shellcode_inject/arc_encrypt". The shellcode is encrypted with the arc4 encryption algorithm and decrypted in memory using a key file.
We can use the info command to view the payload's information, and then use the SET command to enable the Pyherion decryptor:
SET USE_PYHERION Y
Step four
Enter the command to generate the payload, which uses msfvenom by default. Here I use the default reverse_tcp handler and fill in the LHOST and LPORT of the Kali Linux host.
Step five
After the payload is successfully generated, the tool displays the path of the generated payload and the path of the msf handler file. Next, enter the following command:
# msfconsole -r /usr/share/veil-output/handlers/payload_handler.rc
Step six
Next, copy the generated payload to the Windows host and execute it. Here we are testing against the latest version of Avast.
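Step three works against static scanning because the RC4-encrypted bytes no longer contain any pattern a signature can match. The following is an added example, not code from the original article or the Veil project, that shows this effect on a harmless constructed marker string and applies a byte-entropy check that defenders commonly use to flag encrypted blobs. The marker, keys, sample data and the 7.0 threshold are assumptions chosen for illustration.

```python
import math

# Constructed, harmless stand-in for a byte pattern a static AV signature matches.
SIGNATURE = b"CONSTRUCTED-TEST-MARKER-0001"
# Constructed sample "file": repetitive text with the marker embedded in it.
SAMPLE = b"ordinary program text and data " * 60 + SIGNATURE + b" trailing data" * 20

def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4 (arc4); the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def signature_scan(blob: bytes) -> bool:
    """Static scan: true only if the known byte pattern appears verbatim."""
    return SIGNATURE in blob

def entropy(blob: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    return -sum(c / len(blob) * math.log2(c / len(blob)) for c in counts if c)

def looks_encrypted(blob: bytes, threshold: float = 7.0) -> bool:
    """Heuristic flag; the threshold is an assumed value, tune it per environment."""
    return entropy(blob) >= threshold

def report(name: str, blob: bytes) -> dict:
    return {"name": name, "signature_hit": signature_scan(blob),
            "entropy": round(entropy(blob), 2), "high_entropy": looks_encrypted(blob)}

if __name__ == "__main__":
    print(report("plain", SAMPLE))
    for key in (b"constructed-key-A", b"constructed-key-B"):  # constructed keys
        print(report(key.decode(), rc4(key, SAMPLE)))
```

High entropy also occurs in compressed and legitimately encrypted files, so treat the flag as a triage signal to combine with behavioural detection at run time, when the content has to be decrypted in memory.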
That concludes this walkthrough of how the Veil Framework in Kali Linux bypasses antivirus software. I hope the above content is of some help to you.