Learning Ethical Hacking From Scratch - Lesson 69 [Generating an Undetectable Backdoor Using Veil]

Hello all,

I am taking the ethical hacking course created by @Zaid_Sabih and I am having trouble creating a fully undetectable backdoor with Veil Evasion. I was able to successfully clone Veil from GitHub and install it onto my Kali machine; however, the issue I run into is that when I generate the backdoor, it always gets detected by about half of the antiviruses or more.

I have followed the instructions in the video to change the options of the payload (go/meterpreter/reverse_https), such as changing the number of the SLEEP option, the PROCESSORS option, and setting options of my own such as UTCCHECK, RAMCHECK, CLICKTRACK, among others to attempt to make the signature look different. I have tried setting different combinations of these options but they still end up getting detected by a good portion of antivirus tools.

I have also tried different payloads in Veil Evasion, such as go/meterpreter/bind_tcp and python/meterpreter/bind_https, but they seem to all get detected by antivirus software regardless of which payload I use or the options I change. This only leads me to believe that since Zaid’s course was made a few years ago, antivirus programs have since developed more sophisticated abilities to detect the signatures generated in these payloads through Veil.

If anyone has found a workaround in how to make their payload undetectable by all or most antiviruses, I would be interested in seeing what method you used in order to do this.

Thanks,
OB

Hi electr07,

Basically bypassing AV programs is like a game of cat and mouse, so backdoors might start getting detected at some stage, then the developers release an update, this will allow you to generate undetectable backdoors, then AV programs release an update which will make backdoors detectable…

So the main thing is to make sure that Veil or any other tool you’re using to generate the backdoor is up to date.

Here’s a few solutions to try if your backdoor is getting detected:

  1. Make sure that you have the latest version of Veil, so update it before using it.

  2. Experiment with different payloads, and experiment with different payload options and you should be able to bypass it.

  3. Try generating a backdoor using TheFatRat, Empire, or Phantom Evasion as shown in the post below:

https://zsecurity.org/phantom-evasion-bypassing-anti-virus-and-hacking-windows-linuxmac-os-x-and-android/

  4. Modify the backdoor code if it's in a .bat file (covered in the Social Engineering course).

  5. Modify the backdoor using a hex editor (covered in the Social Engineering course).

  6. Create your own backdoor (covered in the Python course).

Please let me know if you need anything else.
Thank you!


Thanks for your suggestions, this is very helpful!

OB

Hello, do you have any idea about FatRat? It seems I have a problem creating the APK. Thank you @Zaid_Sabih

It just won’t work with all APKs; you’ll have to keep experimenting with different ones until it works.
Also make sure you set the Java version to the one shown in the lecture.

Thank you @Zaid

Hi Zaid,
Sorry, I don't know where to email you directly, so here I go. I am starting to take the Hacking from Scratch course, as I am also taking other courses that are available in the VIP section. One funny thing happened to me today that sparked my interest in mobile interception, if that is what it's called. My mother called me from another country in Europe where she stays, and I personally am in Asia, but when my mother called, the phone/mobile rang and it showed another number that was not hers. It showed a local number and not hers. Have I been hacked or spoofed, and in that case how do I resolve this issue, as I intend to go and change my SIM card, or is there any other way to counter the people behind these attacks?
Robert