Creating a virus for Windows with Veil
In this article, we will continue to study the topic of malware and consider another way to create a backdoor virus using the Veil tool on Kali Linux
Hey Freaks!
Dealing with various malicious files is an area that hackers should definitely understand. We have already talked about virus creation tools for various operating systems many times. In this article, we will continue to explore the topic of malware and look at another way to create a backdoor virus using the Veil tool on Kali Linux (or any other Linux distribution).
How to Create a Windows Virus with Veil on Kali Linux
A backdoor virus (trojan, RAT) is malicious software whose purpose is to establish a covert connection to a remote computer, collect information from it and manipulate it.
Next, I will show how I created a backdoor virus for a Windows computer whose launch and operation even the antivirus could not detect. After launching the virus, I was able to remotely control the computer, take pictures from the webcam, take screenshots, use a keylogger, etc.
Let's look at the steps to create a virus...
1. Install Veil on Linux
The first step is to install Veil. If you are using a distribution other than Kali Linux, then you need to install Metasploit as well.
To quickly and silently install Veil on Kali Linux:
/usr/share/veil/config/setup.sh --force --silent
2. Using the Veil Framework
After installation, to launch the framework, use the command:
The Veil framework consists of two tools, Evasion and Ordinance, which can be displayed with the command:
We are interested in Evasion, so we enter:
2.1 Creating an executable virus file
Backdoor viruses create a reverse connection. When the target user runs the malicious file, the computer attempts to connect to the hacker's computer. This process is called backconnect. The connection originates from inside the network, so antiviruses cannot always detect such an attack. For this reason, it is best to use port 8080, which is a port normally used for connections to websites.
To display a list of payloads (viruses), use the command:
I will use the 15th option. This option uses Go (golang) as the programming language for the Meterpreter payload:
To create a virus, you need to set the LPORT and LHOST parameters.
- LHOST - IP address of the attacking computer. To find out your IP address, use the ifconfig command.
- LPORT - port for the connection. I will use 8080, but you can choose a different port.
Signature analysis in an antivirus is based on searching files for a unique sequence of bytes: a signature characteristic of a particular virus. For each new virus, its signature is determined and the result is placed in the database of virus signatures that antiviruses work with.
If the signature of your malicious file is present in this database, the antivirus will mark your file as suspicious. Therefore, it is recommended to use the latest version of Veil, as it will do a better job of masking the virus and allow you to bypass the antivirus.
I used the following settings to bypass the antivirus. This part is not mandatory, but extra protection of the malware does not hurt.
To create a virus, run the command:
Give the file a name. I named it backdoor_8080, but in a real hack you need to name it something else so that it doesn't arouse suspicion.
The created virus will be saved in the directory:
2.2 Connecting to a remote computer
Now let's launch the Metasploit framework. To run Metasploit, open a terminal and run the command:
Select the multi/handler module:
Let's change the parameters according to our requirements. Let's execute the following commands:
set PAYLOAD windows/meterpreter/reverse_https
IP is the IP address of our computer, the one we specified when creating the virus.
2.3 Delivery of the virus to the target computer
Now you can send the virus to the target computer. If you do not have physical access to the device, then you can apply social engineering techniques.
2.4 Testing a virus on Windows
We launch the virus on a Windows computer (in my case, the backdoor_8080.exe file).
We return to Metasploit and see that the Meterpreter session is open. So we have hacked a remote computer and can interact with it.
The Meterpreter session will look like the one shown above. For command help, type:
Now you can change user privileges, download and upload files, run an executable file as a service, take screenshots, save keystrokes, and much more.
This method can be used on a local network. If you want to use it remotely, then you need to set up a remote connection using Ngrok.
That's all for today. Remember that if you use this software correctly, you can make good money 😉