Forum Thread: How Can Imbed a (Veil-Evasion) Payload in a Working Pdf or Image File ? So When the Pdf/Image Opens, the Payload Execute

How Can Imbed a (Veil-Evasion) Payload in a Working Pdf or Image File ? So When the Pdf/Image Opens, the Payload Execute

How can imbed a (veil-evasion) payload in a working pdf or image file ? so when the pdf/image opens, the payload executes ?

14 Responses

How can I imbed*

Isnt it embed haha??

oh srry, yeah embed..
but nvm, it's detected now, the veil-evasion is useless now :'(
another ways ?!

try this powershell attack using a word document...works like charm and is not detected by AVAST when executed (that's what i have on my machine and it's a powerful AV)

Thank you :D

Try a different type of exploit... or change the language payload is written in..

You mean the aecencrypt ? which exploit ?!!

Also how to change the language ?!

What I mean is.. try a different exploit except pdf.. just give it a pdf icon or something...
There is a tut on how to change language..

I didnt change it to pdf, I just used the handler and the payload output, and AVAST caught it!

Can you link me to that "change languahe" tutorial ? I cant find it!

Theres a guide for it in listeners section.. check it out!!

Can you link me to it please ?

personally, i use 3 methods:
1) bind the veil payload to a valid pdf file using winrar SFX, and add a pdf icon of course

2) I make a veil payload and change its icon to any file type i like, pdf, doc, docx or jpg, using icoFX... it may look suspicious when the victim clicks on it and nothing happens, but to make it less suspicious, i send it to the victim among other clean files (black sheep in a white herd)

3) use the adobe_pdf_embedded_exe in metasploit and specify my own exe file using the command: set EXENAME /root/veilpayload.exe (doesn't work with all versions of pdf)

Share Your Thoughts

  • Hot
  • Active