I am using a veil evasion exploit that is embedded inside a Excel document, and is not detected by AV. I have tested it myself on different WAN computers(windows only) and it has worked perfectly, but now I tried to execute on on another computer(the victim a friend, knowingly doing it) but I asked him not to tell me if he has a MAC or Windows Comptuer. If it worked on windows before with WAN computers, can I assume since it is stuck on the sending stage that the exploit is not compatible and so he must be using a Apple Mac computer? As it has worked on windows 10, 7, and xp so the only reason I can see is that he is using MAC, since it has been tested on WAN with different windows and different excel versions.
Thanks
4 Responses
Not necessarily. What exploit and payload are you using?
well i i think thats what happening is is that te exploit succeeds Then the Victim asks for the second stage but it fails to run it so it might be because an AV detects (which is not likely since iTS in memory) it can also be that the second stage doesn't work another thing is that maybe the victim cant connect to your handler
Maybe this info helps if there are any mistakes i made pls correct me
The exploit I used was veil evasion base64 substitution. I then used a python program to help me embed it into excel. It does work on other computers and I have tried a bunch of av and none found it. So I don't see how av would of blocked it.
What would be the reason it would not connect back to me that? I have it set to port 443 and with all other laptops I've tried it worked and I didn't mess with firewall at all.
So I am a little stumped on why that would happen mean it should work on any excel but I only tested 2013 and 2010 so not 100% sure.
Just check the source code.
Share Your Thoughts