Forum Thread: How Can Imbed a (Veil-Evasion) Payload in a Working Pdf or Image File ? So When the Pdf/Image Opens, the Payload Execute

How can imbed a (veil-evasion) payload in a working pdf or image file ? so when the pdf/image opens, the payload executes ?

17 Responses

How can I imbed*

Isnt it embed haha??

oh srry, yeah embed..
but nvm, it's detected now, the veil-evasion is useless now :'(
another ways ?!

try this powershell attack using a word document...works like charm and is not detected by AVAST when executed (that's what i have on my machine and it's a powerful AV)

Thank you :D

hi, does it work even with android office files opener? therefore the os won't be windows but android itself. thanks

Try a different type of exploit... or change the language payload is written in..

You mean the aecencrypt ? which exploit ?!!

Also how to change the language ?!

What I mean is.. try a different exploit except pdf.. just give it a pdf icon or something...
There is a tut on how to change language..

I didnt change it to pdf, I just used the handler and the payload output, and AVAST caught it!

Can you link me to that "change languahe" tutorial ? I cant find it!

Theres a guide for it in listeners section.. check it out!!

Can you link me to it please ?

personally, i use 3 methods:
1) bind the veil payload to a valid pdf file using winrar SFX, and add a pdf icon of course

2) I make a veil payload and change its icon to any file type i like, pdf, doc, docx or jpg, using icoFX... it may look suspicious when the victim clicks on it and nothing happens, but to make it less suspicious, i send it to the victim among other clean files (black sheep in a white herd)

3) use the adobe_pdf_embedded_exe in metasploit and specify my own exe file using the command: set EXENAME /root/veilpayload.exe (doesn't work with all versions of pdf)

hi, could you start up a thread within here concerned? thanks

Forget about typing "imbed" instead of "embed", yet it looks struggling. Does anybody know if it affects certain PDF files only or related services as well? The cloud safety is the very reason I switched from Adobe Acrobat to this online tool pump-it-up-job-form.pdffiller.com I feel more confident when my file store in that fashion, but this very post has raised some doubts..

Share Your Thoughts

  • Hot
  • Active