Forum Thread: How Can Imbed a (Veil-Evasion) Payload in a Working Pdf or Image File ? So When the Pdf/Image Opens, the Payload Execute

How can imbed a (veil-evasion) payload in a working pdf or image file ? so when the pdf/image opens, the payload executes ?

Join the Next Reality AR Community

Get the latest in AR — delivered straight to your inbox.

16 Responses

How can I imbed*

Isnt it embed haha??

oh srry, yeah embed..
but nvm, it's detected now, the veil-evasion is useless now :'(
another ways ?!

try this powershell attack using a word like charm and is not detected by AVAST when executed (that's what i have on my machine and it's a powerful AV)

Thank you :D

hi, does it work even with android office files opener? therefore the os won't be windows but android itself. thanks

Try a different type of exploit... or change the language payload is written in..

You mean the aecencrypt ? which exploit ?!!

Also how to change the language ?!

What I mean is.. try a different exploit except pdf.. just give it a pdf icon or something...
There is a tut on how to change language..

I didnt change it to pdf, I just used the handler and the payload output, and AVAST caught it!

Can you link me to that "change languahe" tutorial ? I cant find it!

Theres a guide for it in listeners section.. check it out!!

Can you link me to it please ?

personally, i use 3 methods:
1) bind the veil payload to a valid pdf file using winrar SFX, and add a pdf icon of course

2) I make a veil payload and change its icon to any file type i like, pdf, doc, docx or jpg, using icoFX... it may look suspicious when the victim clicks on it and nothing happens, but to make it less suspicious, i send it to the victim among other clean files (black sheep in a white herd)

3) use the adobe_pdf_embedded_exe in metasploit and specify my own exe file using the command: set EXENAME /root/veilpayload.exe (doesn't work with all versions of pdf)

hi, could you start up a thread within here concerned? thanks

Share Your Thoughts

  • Hot
  • Active