Forum Thread: How to Encrypt a Payload to Bypass Most AVs !!!

The fu*? Veil-evasion is FUD (full undetectable) What veil payload you used?

I checked on virus total and more than half av detected a virus .
I tried with python/meterpreter/reverse-tcp also with aes encryption and more but always the same result !
Maybe it's because my veil is outdated ?

YOU DID WHAT?!?!?!?!?!

Please, before continuing with Veil Evasion, read THIS WITH A LOT OF CARE!!!

Don't ever do that again you hear me?!

-Phoenix750

I only use nodistribute and earlier i wanted to test it and python reverse tcp got like 3/47 detection rate, and none of the major antiviruses detected it, So wtf?

That's what i thought !

The reason i got pissed is because i don't want him to be one of the other idiots you mentioned.

-Phoenix750

Exactly, also Veil-Evasion writes a big ass warning in red after generating each payload

Firstly, I have never had a problem with any AV detecting a payload I created through Veil.

Can we make a premium section on this site for members that have been around for a few months?

I know of other great crypters/binders (as I am sure many of you do) but will not post any reference of them here because I know many people will upload the payloads to VT and ruin it for all of us.

First of all, watch your language please, this is supposed to be a friendly environment. Second, don't give him flak for using VirusTotal. I know we should never use it but come on, give him a break.

-Defalt

Getting mad at someone will prevent them from doing it again. Parenting works that way, teaching manners works that way, etc. The reason i got a little pissed there is so he will never make the same mistake again.

-Phoenix750

Yeah, i know phoenix would understand

Ok i am not offended and i won't try the same thing again !
The option in veil-evasion to check the hash on virus total what is this ?

It looks like they removed it. I can take some time to find a new engine that still does support this if you want.

-Phoenix750

No they didnt you just have to generate a payload then checkvt

Doesn't matter if they remove it or not. You can still check the payload by using:
md5sum <payload path>
Then on VT you click search and paste the md5sum there.

oh, apperantly it still does exist! great!

-Phoenix750

Also can someone answer me how can i update veil-evasion ?
Update in program not working . says updated and nothing happens !

you could try to uninstall the old version and reinstall the newer version.

-Phoenix750

Yes i tried the command apt-get --purge remove veil-evasion

and downloaded from git-hub but it opens the wrong version and when i open it from the downloaded folder it opens the newest version but it shows 0 payloads :/

What version of Veil are you trying to download?

-Phoenix750

The newest one from git-hub . Version 2.22.1 . But everytime when i type veil-evasion in terminal it opens version 2.20

delete the veil-evasion folder or what's left of it in /usr/share/ (i guess), then cd to the folder of the new version you downloaded earlier and run setup again. hope it works

Also Do rm -rf ~/.Wine/

Alright, a little bit of clearance of why i got pissed: You certainly once did something that pissed of your parents when you were young too, right? This is somewhat the same principle. Parents get mad at their children if they did something wrong that they should've known.

This is the same reason why I got mad. Itachi got a warning by Veil Evasion that he shouldn't upload it to virustotal, but he did anyway. Friendliness didn't work, so I did feel obliged to become a little rude to make it clear to him.

a message to itachi himself: don't think i hate you, because i don't. No one hates you because of your mistake, but i think i can speak for all of us that we would appreciate you not doing that anymore.

just wanted to clear a few things up.

-Phoenix750

Same, here am sorry OP i raged a little bit there, but please next time read the instructions and watch out

Flaming and raging only causes flare-ups in the community. Itachi may have missed the message when using Veil. He could have politely been informed as to why he shouldn't have done that. Just because your parents shout and get mad doesn't mean its good parenting.

Dude Veil evasion shouldnt be wasted like that, God knows when they will update it again, we might have to wait months, Damn

This is supposed to be a supportive learning community, not shout and flame over a simple mistake.

He did miss quite a big chunk of text there. Quite a big mistake if you ask me. Not big enough to start WW3 maybe, but still big enough to be a little upset about.

Flaming isn't really an acceptable thing yes, but getting upset about something quite big rarely seems to hurt the person in question. In fact, they usually learn from it.

-Phoenix750

Don't worry Phoenix, we know it had a reason, and it worked. We are just stating that caps lock and baiting is never the best option, especially with people you don't know the reaction yet. You didn't even exaggerate, but is better not to try.

Veil evasion is not going anywhere, until someone breaks the internet.

Well, I guess four people are a lot ;-)

have installed veil on kali linux. when i try to use it I face this error in its working process:

! ERROR: Can't find python.exe in /root/.wine/drivec/Python27/
! ERROR: Make sure the python.exe binary exists before using PyInstaller.