Hi peterubuntu10
Firstly, great job on netool, very impressive. I found the backdoors get picked up by most AV software. I was wondering if it was possible to use Veil-Evasion's encryption techniques to mask the backdoor. I normally use Veil-Evasion to create backdoors and call Metasploit for the meterpreter session, but what I haven't been able to do is use an existing .exe such as a zip and embed a backdoor within it like you are doing; all the .exe are custom made and suspicious to the eye when utilizing Veil. Your tool is awesome, but if you were able to incorporate Veil's technique of AV evasion then it would be deadly. Is this possible? Have you considered looking into this? You have got yourself a new fan, seriously awesome work. Hail from SA
Regards:
Grundy
Hello man, sorry for the late reply, but I receive bug reports here:
https://sourceforge.net/p/netoolsh/discussion/general/thread/928a3086/
That's the reason why I only see your question now. About your Veil question:
That's the reason why I have made a 'stop' function before launching the listener or the arp-poison (so a user has time to encrypt the payload before continuing the attack and then export the encrypted payload to the corresponding attack path needed) <-- so you can use VEIL to encrypt payloads and then use them in netool.sh attacks, yes. "Does Veil produce FUD these days???"...
Yes, I could incorporate Veil techniques because the secret of Veil is the 'Pyinstaller' and 'Pwnstaller' modules...
http://www.harmj0y.net/blog/python/pwnstaller-1-0/
In the future I will take your idea into consideration, thanks.
In the released netool.sh V4.2 I have added a new automated attack called 'host a file attack' that simply uses the fakeupdate method and one external payload to remote control a target: 'meterpreter powershell shellcode invocation'
"A.V. bypass using powershell and a meterpreter payload, obfuscated using unicode and base64" https://www.youtube.com/watch?v=4goHDJqBRXk&list=UUkYIsELo6hnXdYBZklu6Jng
Last edit: pedro ubuntu 2014-09-01