Veil工具笔记 [ Mi1k7ea ]

0x00 前言

参考Micro8系列第十一课：https://micro8.gitbook.io/micro8/contents-1/11-20/11-gong-ju-jie-shao-veilevasion

0x01 简介

Veil是一款用于生成可绕过常见反病毒检测的Metasploit payload的工具。

如下两个版本的Linux系统是官方支持的Veil：

Debian 8+
Kali Linux Rolling 2018.1+

新版项目地址：https://github.com/Veil-Framework/Veil

旧版项目地址（停更）：https://github.com/Veil-Framework/Veil-Evasion

0x02 安装

在Kali中通过apt安装之前，可以先换源使得后续安装比较快速：

root@John:~/Deskto#cat /etc/apt/sources.list

#中科大
deb http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib
deb-src http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib
#阿里云
#deb http://mirrors.aliyun.com/kali kali-rolling main non-free contrib
#deb-src http://mirrors.aliyun.com/kali kali-rolling main non-free contrib
#清华大学
#deb http://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free
#deb-src https://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free
#浙大
#deb http://mirrors.zju.edu.cn/kali kali-rolling main contrib non-free
#deb-src http://mirrors.zju.edu.cn/kali kali-rolling main contrib non-free
#东软大学
#deb http://mirrors.neusoft.edu.cn/kali kali-rolling/main non-free contrib
#deb-src http://mirrors.neusoft.edu.cn/kali kali-rolling/main non-free contrib
#官方源
#deb http://http.kali.org/kali kali-rolling main non-free contrib
#deb-src http://http.kali.org/kali kali-rolling main non-free contrib
#重庆大学
#deb http://http.kali.org/kali kali-rolling main non-free contrib
#deb-src http://http.kali.org/kali kali-rolling main non-free contrib

通过apt快速安装：

1 2	apt -y install veil /usr/share/veil/config/setup.sh --force --silent

或者通过Git安装：

apt-get -y install git
git clone https://github.com/Veil-Framework/Veil.git
cd Veil/
./config/setup.sh --force --silent

安装过程比较漫长。

0x03 基本使用

…待补充

可支持生成的payload：

1) auxiliary/coldwar_wrapper  
2) auxiliary/macro_converter  
3) auxiliary/pyinstaller_wrapper  
4) c/meterpreter/rev_http  
5) c/meterpreter/rev_http_service  
6) c/meterpreter/rev_tcp  
7) c/meterpreter/rev_tcp_service  
8) c/shellcode_inject/flatc  
9) cs/meterpreter/rev_http  
10) cs/meterpreter/rev_https  
11) cs/meterpreter/rev_tcp  
12) cs/shellcode_inject/base64_substitution  
13) cs/shellcode_inject/virtual  
14) go/meterpreter/rev_http  
15) go/meterpreter/rev_https  
16) go/meterpreter/rev_tcp  
17) go/shellcode_inject/virtual  
18) native/backdoor_factory  
19) native/hyperion  
20) native/pe_scrambler  
21) perl/shellcode_inject/flat  
22) powershell/meterpreter/rev_http  
23) powershell/meterpreter/rev_https  
24) powershell/meterpreter/rev_tcp  
25) powershell/shellcode_inject/download_virtual  
26) powershell/shellcode_inject/download_virtual_https  
27) powershell/shellcode_inject/psexec_virtual  
28) powershell/shellcode_inject/virtual  
29) python/meterpreter/bind_tcp  
30) python/meterpreter/rev_http  
31) python/meterpreter/rev_http_contained  
32) python/meterpreter/rev_https  
33) python/meterpreter/rev_https_contained  
34) python/meterpreter/rev_tcp  
35) python/shellcode_inject/aes_encrypt  
36) python/shellcode_inject/aes_encrypt_HTTPKEY_Request  
37) python/shellcode_inject/arc_encrypt  
38) python/shellcode_inject/base64_substitution  
39) python/shellcode_inject/des_encrypt  
40) python/shellcode_inject/download_inject  
41) python/shellcode_inject/flat  
42) python/shellcode_inject/letter_substitution  
43) python/shellcode_inject/pidinject  
44) python/shellcode_inject/stallion  
45) ruby/meterpreter/rev_http  
46) ruby/meterpreter/rev_http_contained  
47) ruby/meterpreter/rev_https  
48) ruby/meterpreter/rev_https_contained  
49) ruby/meterpreter/rev_tcp  
50) ruby/shellcode_inject/base64  
51) ruby/shellcode_inject/flat