Jump to content

Trouble Getting Veil-Evasion to Work


koalamugger

Recommended Posts

Hey Guys!

           I used to run Kali on my pen test workstation, however after a pretty gnarly crash, I moved to Parrot to test out a new flavor of linux (very impressed in some areas, not so much in others). However, I have a test window open with my company where we are going full blind and I need to pull out all the stops for this one. That means I need to create a FUD. Only way I have ever been able to succeed in a FUD is with low level shell script kiddy stuff and Veil-Evasion (sorry, but its just faster) 

I am having the worst time trying to get Veil to work properly. I have both the previous and curren Gits of Veil, reinstalled, nuked, reimaged, EVERYTHING. At this point i just need some help. (and yes, I have even tried youtube videos, Im not missing anything) 

The error seems to come up when trying to finalize the payload with Pyinstaller (i fail with Py2EXE as well) 

 

 

Link to comment
Share on other sites

I had issues in the past with Veil.  One thing you have to make sure of is you add the i386 architecture to your apt:

dpkg --add-architecture i386

 

Next install wine.  You want to make sure wine64 and win32 installs.  Next, rerun the installer for Veil to make sure everything goes in fine and then try your payload creation again.

I would also watch the install carefully and look for any errors.  For those I had to install the package myself.  If a pip install failed, you may have to apt-get the package before running pip.

  • Upvote 1
Link to comment
Share on other sites

5 hours ago, PoSHMagiC0de said:

I had issues in the past with Veil.  One thing you have to make sure of is you add the i386 architecture to your apt:

dpkg --add-architecture i386

 

Next install wine.  You want to make sure wine64 and win32 installs.  Next, rerun the installer for Veil to make sure everything goes in fine and then try your payload creation again.

I would also watch the install carefully and look for any errors.  For those I had to install the package myself.  If a pip install failed, you may have to apt-get the package before running pip.

I will let you know how this goes tomorrow when I test. 

 

If it works then you are a god, because I've nearly smashed my keyboard 3 times reinstalling everything. This is what I get for losing my image. Thanks! 

Link to comment
Share on other sites

Okay, on my VM I did not have veil-evasion on I did the following and veil works.

dpkg --add-architecture i386
apt update
apt upgrade
apt dist-upgrade
apt autoremove
reboot -n

#above I updated everything because my VM was behind but made sure I had the i386 architecture added first.
#after reboot and logon.

apt update
apt install wine
apt install veil-evasion
veil

 

I told it to install with "Y"

I reinstalled all the Windows apps for python, ruby, etc...overwriting when I had to.

 

When done I was in veil and I created a regular https payload using phyperion and default pyinstaller.  It got done with no errors.

If you have not done so, make veil reinstall/reset so you can reinstall the dependencies.  If having issues resetting. then apt remove --purge veil-evasion and then re apt install it.

Now if you installed veil from git, well, you will have to figure out how to completely remove it to reinstall it or the one from apt.

Link to comment
Share on other sites

Oh crap, I didn't see you had ParrotOS installed.

 

Yeah, prepare for the pain.  I just saw Kali and figured you had Kali.  What is hurting you here is Firejail.  I used to run ParrotOS for about a year and then dropped it because they are really focused on anonymity which a lot of times break the pen tools.  To fix certain pen tools and veil you have two choices.  One, you can run veil tell firejail to not jail it (I forgot the commandline for that, might have to ask on the ParrotSec forums) or do what I did and removed firejail with

apt remove --purge firejail

 

Once you do that, you will have to redo veil but I would remove the git one if you got it just because the apt one didn't work.  If you prefer the git one and have it rerun its installer again after you took care of firejail either by running the installer with the commandline to not firejail it or after you removed firejail.

 

  • Like 1
Link to comment
Share on other sites

On 4/30/2018 at 4:39 PM, PoSHMagiC0de said:

Oh crap, I didn't see you had ParrotOS installed.

 

Yeah, prepare for the pain.  I just saw Kali and figured you had Kali.  What is hurting you here is Firejail.  I used to run ParrotOS for about a year and then dropped it because they are really focused on anonymity which a lot of times break the pen tools.  To fix certain pen tools and veil you have two choices.  One, you can run veil tell firejail to not jail it (I forgot the commandline for that, might have to ask on the ParrotSec forums) or do what I did and removed firejail with

apt remove --purge firejail

 

Once you do that, you will have to redo veil but I would remove the git one if you got it just because the apt one didn't work.  If you prefer the git one and have it rerun its installer again after you took care of firejail either by running the installer with the commandline to not firejail it or after you removed firejail.

 

I think I may just grab the new bistro of Kali that was released and run through your first list of instructions. Ill keep you posted. Thanks man! 

It sucks I have been spending so much time on this lol, all I wanted was a FUD since we have a blind attack parameter for this client. Good times! Thanks again for the help. 

 

Link to comment
Share on other sites

On 4/30/2018 at 4:34 PM, PoSHMagiC0de said:

Okay, on my VM I did not have veil-evasion on I did the following and veil works.


dpkg --add-architecture i386
apt update
apt upgrade
apt dist-upgrade
apt autoremove
reboot -n

#above I updated everything because my VM was behind but made sure I had the i386 architecture added first.
#after reboot and logon.

apt update
apt install wine
apt install veil-evasion
veil

 

I told it to install with "Y"

I reinstalled all the Windows apps for python, ruby, etc...overwriting when I had to.

 

When done I was in veil and I created a regular https payload using phyperion and default pyinstaller.  It got done with no errors.

If you have not done so, make veil reinstall/reset so you can reinstall the dependencies.  If having issues resetting. then apt remove --purge veil-evasion and then re apt install it.

Now if you installed veil from git, well, you will have to figure out how to completely remove it to reinstall it or the one from apt.

I made progress with the install but now Im getting a runtime error. I checked the directories and made sure that the Crypto folder was upper case as some other forums have mentioed for this issue but not success.

Here's what I get --

root@kali:/usr/share/Veil# ./Veil.py
Traceback (most recent call last):
  File "./Veil.py", line 96, in <module>
    the_conductor = orchestra.Conductor(args)
  File "/usr/share/Veil/lib/common/orchestra.py", line 30, in __init__
    self.load_tools(cli_stuff)
  File "/usr/share/Veil/lib/common/orchestra.py", line 78, in load_tools
    command_line_object)
  File "tools/evasion/tool.py", line 40, in __init__
    self.load_payloads(cli_options)
  File "tools/evasion/tool.py", line 250, in load_payloads
    name.replace("/", ".").rstrip('.py'), name)
  File "/usr/lib/python3.6/imp.py", line 172, in load_source
    module = _load(spec)
  File "<frozen importlib._bootstrap>", line 684, in _load
  File "<frozen importlib._bootstrap>", line 665, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 678, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "tools/evasion/payloads/auxiliary/pyinstaller_wrapper.py", line 9, in <module>
    from tools.evasion.evasion_common import encryption
  File "/usr/share/Veil/tools/evasion/evasion_common/encryption.py", line 8, in <module>
    from Crypto.Cipher import ARC4
ModuleNotFoundError: No module named 'Crypto'

 

 

 

Link to comment
Share on other sites

12 hours ago, PoSHMagiC0de said:

You might have to apt install python-crypto.  If the pip install did not get it then it is an apt package you will need.

Yup! my system was grabbing python 3.0 by default, but veil seems to rely on 2.7. I also reinstalled with 32bit instead of 64 Kali and that seems to have alleviated a bunch of the issues. Thanks again man!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...