koalamugger Posted April 27, 2018 Share Posted April 27, 2018 Hey Guys! I used to run Kali on my pen test workstation, however after a pretty gnarly crash, I moved to Parrot to test out a new flavor of linux (very impressed in some areas, not so much in others). However, I have a test window open with my company where we are going full blind and I need to pull out all the stops for this one. That means I need to create a FUD. Only way I have ever been able to succeed in a FUD is with low level shell script kiddy stuff and Veil-Evasion (sorry, but its just faster) I am having the worst time trying to get Veil to work properly. I have both the previous and curren Gits of Veil, reinstalled, nuked, reimaged, EVERYTHING. At this point i just need some help. (and yes, I have even tried youtube videos, Im not missing anything) The error seems to come up when trying to finalize the payload with Pyinstaller (i fail with Py2EXE as well) Quote Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted April 29, 2018 Share Posted April 29, 2018 I had issues in the past with Veil. One thing you have to make sure of is you add the i386 architecture to your apt: dpkg --add-architecture i386 Next install wine. You want to make sure wine64 and win32 installs. Next, rerun the installer for Veil to make sure everything goes in fine and then try your payload creation again. I would also watch the install carefully and look for any errors. For those I had to install the package myself. If a pip install failed, you may have to apt-get the package before running pip. 1 Quote Link to comment Share on other sites More sharing options...
koalamugger Posted April 29, 2018 Author Share Posted April 29, 2018 5 hours ago, PoSHMagiC0de said: I had issues in the past with Veil. One thing you have to make sure of is you add the i386 architecture to your apt: dpkg --add-architecture i386 Next install wine. You want to make sure wine64 and win32 installs. Next, rerun the installer for Veil to make sure everything goes in fine and then try your payload creation again. I would also watch the install carefully and look for any errors. For those I had to install the package myself. If a pip install failed, you may have to apt-get the package before running pip. I will let you know how this goes tomorrow when I test. If it works then you are a god, because I've nearly smashed my keyboard 3 times reinstalling everything. This is what I get for losing my image. Thanks! Quote Link to comment Share on other sites More sharing options...
koalamugger Posted April 30, 2018 Author Share Posted April 30, 2018 Nope ? The package install and the reinstall of Wine64 and 32 didn't get my anywhere. From the looks of it, this is more of an issue with pyinstaller and py2exe Quote Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted April 30, 2018 Share Posted April 30, 2018 I haven't used Veil-Evasion in a bit. I will give it an install and run this week sometime to see if something has changed since the last time I installed it. Quote Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted April 30, 2018 Share Posted April 30, 2018 Okay, on my VM I did not have veil-evasion on I did the following and veil works. dpkg --add-architecture i386 apt update apt upgrade apt dist-upgrade apt autoremove reboot -n #above I updated everything because my VM was behind but made sure I had the i386 architecture added first. #after reboot and logon. apt update apt install wine apt install veil-evasion veil I told it to install with "Y" I reinstalled all the Windows apps for python, ruby, etc...overwriting when I had to. When done I was in veil and I created a regular https payload using phyperion and default pyinstaller. It got done with no errors. If you have not done so, make veil reinstall/reset so you can reinstall the dependencies. If having issues resetting. then apt remove --purge veil-evasion and then re apt install it. Now if you installed veil from git, well, you will have to figure out how to completely remove it to reinstall it or the one from apt. Quote Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted April 30, 2018 Share Posted April 30, 2018 Oh crap, I didn't see you had ParrotOS installed. Yeah, prepare for the pain. I just saw Kali and figured you had Kali. What is hurting you here is Firejail. I used to run ParrotOS for about a year and then dropped it because they are really focused on anonymity which a lot of times break the pen tools. To fix certain pen tools and veil you have two choices. One, you can run veil tell firejail to not jail it (I forgot the commandline for that, might have to ask on the ParrotSec forums) or do what I did and removed firejail with apt remove --purge firejail Once you do that, you will have to redo veil but I would remove the git one if you got it just because the apt one didn't work. If you prefer the git one and have it rerun its installer again after you took care of firejail either by running the installer with the commandline to not firejail it or after you removed firejail. 1 Quote Link to comment Share on other sites More sharing options...
koalamugger Posted May 2, 2018 Author Share Posted May 2, 2018 On 4/30/2018 at 4:39 PM, PoSHMagiC0de said: Oh crap, I didn't see you had ParrotOS installed. Yeah, prepare for the pain. I just saw Kali and figured you had Kali. What is hurting you here is Firejail. I used to run ParrotOS for about a year and then dropped it because they are really focused on anonymity which a lot of times break the pen tools. To fix certain pen tools and veil you have two choices. One, you can run veil tell firejail to not jail it (I forgot the commandline for that, might have to ask on the ParrotSec forums) or do what I did and removed firejail with apt remove --purge firejail Once you do that, you will have to redo veil but I would remove the git one if you got it just because the apt one didn't work. If you prefer the git one and have it rerun its installer again after you took care of firejail either by running the installer with the commandline to not firejail it or after you removed firejail. I think I may just grab the new bistro of Kali that was released and run through your first list of instructions. Ill keep you posted. Thanks man! It sucks I have been spending so much time on this lol, all I wanted was a FUD since we have a blind attack parameter for this client. Good times! Thanks again for the help. Quote Link to comment Share on other sites More sharing options...
koalamugger Posted May 5, 2018 Author Share Posted May 5, 2018 On 4/30/2018 at 4:34 PM, PoSHMagiC0de said: Okay, on my VM I did not have veil-evasion on I did the following and veil works. dpkg --add-architecture i386 apt update apt upgrade apt dist-upgrade apt autoremove reboot -n #above I updated everything because my VM was behind but made sure I had the i386 architecture added first. #after reboot and logon. apt update apt install wine apt install veil-evasion veil I told it to install with "Y" I reinstalled all the Windows apps for python, ruby, etc...overwriting when I had to. When done I was in veil and I created a regular https payload using phyperion and default pyinstaller. It got done with no errors. If you have not done so, make veil reinstall/reset so you can reinstall the dependencies. If having issues resetting. then apt remove --purge veil-evasion and then re apt install it. Now if you installed veil from git, well, you will have to figure out how to completely remove it to reinstall it or the one from apt. I made progress with the install but now Im getting a runtime error. I checked the directories and made sure that the Crypto folder was upper case as some other forums have mentioed for this issue but not success. Here's what I get -- root@kali:/usr/share/Veil# ./Veil.py Traceback (most recent call last): File "./Veil.py", line 96, in <module> the_conductor = orchestra.Conductor(args) File "/usr/share/Veil/lib/common/orchestra.py", line 30, in __init__ self.load_tools(cli_stuff) File "/usr/share/Veil/lib/common/orchestra.py", line 78, in load_tools command_line_object) File "tools/evasion/tool.py", line 40, in __init__ self.load_payloads(cli_options) File "tools/evasion/tool.py", line 250, in load_payloads name.replace("/", ".").rstrip('.py'), name) File "/usr/lib/python3.6/imp.py", line 172, in load_source module = _load(spec) File "<frozen importlib._bootstrap>", line 684, in _load File "<frozen importlib._bootstrap>", line 665, in _load_unlocked File "<frozen importlib._bootstrap_external>", line 678, in exec_module File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed File "tools/evasion/payloads/auxiliary/pyinstaller_wrapper.py", line 9, in <module> from tools.evasion.evasion_common import encryption File "/usr/share/Veil/tools/evasion/evasion_common/encryption.py", line 8, in <module> from Crypto.Cipher import ARC4 ModuleNotFoundError: No module named 'Crypto' Quote Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted May 8, 2018 Share Posted May 8, 2018 You might have to apt install python-crypto. If the pip install did not get it then it is an apt package you will need. 1 Quote Link to comment Share on other sites More sharing options...
koalamugger Posted May 9, 2018 Author Share Posted May 9, 2018 12 hours ago, PoSHMagiC0de said: You might have to apt install python-crypto. If the pip install did not get it then it is an apt package you will need. Yup! my system was grabbing python 3.0 by default, but veil seems to rely on 2.7. I also reinstalled with 32bit instead of 64 Kali and that seems to have alleviated a bunch of the issues. Thanks again man! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.