Relationship Graph

Relationship Graph
related to related to child of child of duplicate of duplicate of

View Issue Details

IDProjectCategoryView StatusLast Update
0002365Kali LinuxKali Package Bugpublic2015-07-29 22:36
Reporterg0tmi1k Assigned Torhertzog  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Fixed in Version2.0 
Summary0002365: Veil-Evasion Self Destructing.
Description

Name: veil-evasion
Package Version: 2.20-0kali1
Homepage: https://github.com/Veil-Framework/Veil-Evasion

After installing viel, when you first run it - it tries to detect /etc/veil/settings.py (which is missing).
As a result, it will automatically execute ./setup/setup.sh.
During this shell script it does the following (source: https://github.com/Veil-Framework/Veil-Evasion/commit/778300a185ed907cf6acd34757addfc0645a420c):

sudo apt-get remove -y veil-evasion

...which removes the package, during the first run =(
I've worked with one the devs, & fixed this upstream. This shouldn't happen in the latest commits =).

Steps To Reproduce

Fix: The program needs to be updated from any commit/releases from 8th July 2015 onwards (v2.21.4 or later).

After installing the package, setup/setup.sh needs to be executed (using the -s flag will silent/automate the install) before you can use Veil-Evasion (not sure if this should happen automatically when package is installed) .
This is because there are WINE programs (and go) that need to be installed & configured. The bash script automates all of this.

Additional Information

Cannot update package until 0002364 (https://bugs.kali.org/view.php?id=2364) is complete - symmetricjsonrpc in the kali repos.
After this, Ill make another pull request to get setup/setup.sh updated.

(Some of the) Program dependencies:
sudo mingw-w64 monodoc-browser monodevelop mono-mcs wine unzip ruby golang wget git python python-crypto python-pefile python-pip ca-certificates ttf-mscorefonts-installer metasploit python-capstone pyinstaller

Relationships

duplicate of 0002421 resolvedsbrun Please update veil-evasion 
child of 0002364 resolved Python's symmetricjsonrpc (Veil-Evasion Dependency) 

Activities

muts

muts

2015-06-29 15:24

reporter   ~0003445

My view is that we should not be executing the setup script on first run, as this could easily break kali in future upstream updates. We are probably better off seeing what wine configurations are applied, and applying those via postinst scripts.

g0tmi1k

g0tmi1k

2015-06-29 16:40

administrator   ~0003446

Last edited: 2015-07-11 17:09

Unfortunately... lots.
Source: https://github.com/Veil-framework/veil-Evasion/blob/master/setup/setup.sh

Summary:

Python

  • Python 2.7.5
  • pywin32
  • pycrypto
  • 3x ZIP files - all are required to install Python via WINE.

Ruby

  • Ruby 1.8.7
  • Ruby gem ocra
  • 1x ZIP file (not sure what it does)

Go

  • Cross compile to allow Windows i386 builds.
sbrun

sbrun

2015-07-21 09:37

manager   ~0003544

Hello,
I pushed the new version 2.21.1-0kali1 i sana and kali-dev only. I upgraded the setup/setup.sh to avoid the remove of veil-evasion and few other details about installation. I also packaged python-symmetric-jsonrpc for sana and kali-dev-only.
I packaged the version 2.12.1 because it's the latest upstream tagged release.

g0tmi1k

g0tmi1k

2015-07-21 09:42

administrator   ~0003545

Last edited: 2015-07-21 09:50

Anyway of getting python-symmetric-jsonrpc for moto main?

This way, I can make a PR upstream, fixing the setup.sh - then it can be tagged as a new release.

The tool supports kali 1.0 as thats the only thing thats out.
Else, I can't make a PR/merge upstream until sana has been released (and the package would then need to be updated again after launch).

sbrun

sbrun

2015-07-21 09:58

manager   ~0003546

I just pushed python-symmetric-jsonrpc in moto. Maybe it will take few hours before it reaches the mirrors.

g0tmi1k

g0tmi1k

2015-07-27 09:13

administrator   ~0003594

Pull request made: https://github.com/Veil-Framework/Veil-Evasion/pull/197

Asked author to tag release after merging.

g0tmi1k

g0tmi1k

2015-07-28 13:45

administrator   ~0003610

Last edited: 2015-07-28 13:54

Merged & tagged!
Any releases from v2.21.1.1 onwards, should have the fixes ~ https://github.com/Veil-Framework/Veil-Evasion/releases/

Note, I've tested 2.21.1-0kali1 release (on kali 2) and there's various issues with the program's setup method (not the packaging).

Example of issues:

[>] Please enter a command: use 17

=========================================================================
 Veil-Evasion | [Version]: 2.21.1
=========================================================================
 [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
=========================================================================

 Payload: native/Hyperion loaded

 Required Options:

 Name           Current Value   Description
 ----           -------------   -----------
 original_exe                   The executable to run Hyperion on

 Available commands:

    set             set a specific option value
    info            show information about the payload
    generate        generate payload
    back            go to the main menu
    exit            exit Veil

 [>] Please enter a command: set original_exe  /usr/share/windows-binaries/whoami.exe
 [>] Please enter a command: generate

[*] Running Hyperion on /usr/share/windows-binaries/whoami.exe...

Error during Hyperion execution:

[>] Press any key to return to the main menu:

[>] Please enter a command: use python/meterpreter/rev_tcp

=========================================================================
Veil-Evasion | [Version]: 2.21.1

=========================================================================

Payload: python/meterpreter/rev_tcp loaded

Required Options:

Name Current Value Description


LHOST IP of the metasploit handler
LPORT 4444 Port of the metasploit handler
architecture 32 Select the final binary architecture
compile_to_exe Y Compile to an executable
expire_payload X Optional: Payloads expire after "X" days
use_pyherion N Use the pyherion encrypter

Available commands:

set             set a specific option value
info            show information about the payload
generate        generate payload
back            go to the main menu
exit            exit Veil

[>] Please enter a command: set LHOST 127.0.0.1
[>] Please enter a command: generate

=========================================================================
Veil-Evasion | [Version]: 2.21.1

=========================================================================

[*] Press [enter] for 'payload'
[>] Please enter the base name for output files:

[?] How would you like to create your payload executable?

 1 - Pyinstaller (default)
 2 - Pwnstaller (obfuscated Pyinstaller loader)
 3 - Py2Exe

[>] Please enter the number of your choice: 1
Error: PyInstaller for Python 2.6+ on Windows needs pywin32.
Please install from http://sourceforge.net/projects/pywin32/
mv: cannot stat ‘dist/payload1.exe’: No such file or directory
rm: cannot remove ‘.spec’: No such file or directory
rm: cannot remove ‘logdict
.*’: No such file or directory

=========================================================================

rhertzog

rhertzog

2015-07-29 21:56

administrator   ~0003639

So I uploaded veil-evasion_2.21.1.1-0kali1.dsc to kali-dev. I did not have the time to test it yet. I'd love if you could test it for me as soon as it's built.

In case it's not yet in sana, you can grab the .deb on http://repo.kali.org/kali/pool/main/v/veil-evasion/ and install it manually in your sana installation to test it.

rhertzog

rhertzog

2015-07-29 22:08

administrator   ~0003640

I managed to test the package and it seems to work fine. Both your samples lead to the creation of a payload.exe file...

g0tmi1k

g0tmi1k

2015-07-29 22:30

administrator   ~0003641

Last edited: 2015-07-29 22:36

Ran the same two tests from before (native/Hyperion & python/meterpreter/rev_tcp) - working great!

The setup script completed without any issues.
In my eyes the self destructing issue/bug that started all of this, has been removed!

...If we want to, can do a automated setup install 'bash ./setup/setup.sh -s" (no user prompts - same output)

Issue History

Date Modified Username Field Change
2015-06-29 15:19 g0tmi1k New Issue
2015-06-29 15:20 g0tmi1k Relationship added child of 0002364
2015-06-29 15:24 muts Note Added: 0003445
2015-06-29 16:36 g0tmi1k Additional Information Updated
2015-06-29 16:36 g0tmi1k Description Updated
2015-06-29 16:40 g0tmi1k Note Added: 0003446
2015-06-29 16:41 g0tmi1k Note Edited: 0003446
2015-06-29 16:44 g0tmi1k Note Edited: 0003446
2015-07-11 17:05 g0tmi1k Note Edited: 0003446
2015-07-11 17:07 g0tmi1k Steps to Reproduce Updated
2015-07-11 17:08 g0tmi1k Additional Information Updated
2015-07-11 17:09 g0tmi1k Note Edited: 0003446
2015-07-12 06:42 g0tmi1k Steps to Reproduce Updated
2015-07-21 09:16 g0tmi1k Relationship added duplicate of 0002421
2015-07-21 09:37 sbrun Note Added: 0003544
2015-07-21 09:42 g0tmi1k Note Added: 0003545
2015-07-21 09:45 g0tmi1k Note Edited: 0003545
2015-07-21 09:46 g0tmi1k Note Edited: 0003545
2015-07-21 09:46 g0tmi1k Note Edited: 0003545
2015-07-21 09:50 g0tmi1k Note Edited: 0003545
2015-07-21 09:50 g0tmi1k Note Edited: 0003545
2015-07-21 09:58 sbrun Note Added: 0003546
2015-07-27 09:13 g0tmi1k Note Added: 0003594
2015-07-27 14:45 rhertzog Assigned To => rhertzog
2015-07-27 14:45 rhertzog Status new => assigned
2015-07-28 13:45 g0tmi1k Note Added: 0003610
2015-07-28 13:49 g0tmi1k Note Edited: 0003610
2015-07-28 13:54 g0tmi1k Note Edited: 0003610
2015-07-29 21:56 rhertzog Note Added: 0003639
2015-07-29 22:08 rhertzog Note Added: 0003640
2015-07-29 22:08 rhertzog Status assigned => resolved
2015-07-29 22:08 rhertzog Fixed in Version => 2.0
2015-07-29 22:08 rhertzog Resolution open => fixed
2015-07-29 22:30 g0tmi1k Note Added: 0003641
2015-07-29 22:36 g0tmi1k Note Edited: 0003641