
 

Today we are going to talk about Veil-Catapult. Veil-Catapult is a payload delivery tool that integrates with Veil-Evasion for payload generation. It is meant for payload delivery when Metasploit's psexec is getting caught by AV. It uses Veil-Evasion to generate AV-evading binaries, impacket to upload/host the binaries, and the passing-the-hash toolkit to trigger execution. It is officially supported on Kali Linux.

 
Veil-Catapult’s code is located at https://github.com/Veil-Framework/Veil-Catapult/ and it’s part of the Veil superproject at https://github.com/Veil-Framework/Veil/

 

 
If you have not already installed the Veil-Evasion framework, install it first as mentioned here. After installing Veil-Evasion, follow these steps.

 
#wget -c https://github.com/Veil-Framework/Veil-Catapult/archive/master.zip
#unzip -q master.zip
#cd Veil-Catapult-master/
#sh setup.sh

 

 

 


Veil-Catapult requires the impacket library and the passing-the-hash toolkit. The setup script tries to install the PTH suite, but we got an error, so we have to install it manually.

 

 

 

 

Install Passing The Hash.

 

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows logon sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials.

 

#wget https://passing-the-hash.googlecode.com/files/wmiPTH-1.0-1.deb

#wget https://passing-the-hash.googlecode.com/files/winexePTH1.1.0-1.deb

#dpkg -i winexePTH1.1.0-1.deb

#dpkg -i wmiPTH-1.0-1.deb

 

 


Install Impacket Library

 

Impacket is a collection of Python classes focused on providing access to network packets. Impacket allows Python developers to craft and decode network packets in a simple and consistent manner.

 

 

#wget -c https://pypi.python.org/packages/source/i/impacket/impacket-0.9.11.tar.gz

#tar -xzf impacket-0.9.11.tar.gz

#cd impacket-0.9.11

#python setup.py build

 

 


You may ask why we do not simply install it. When we tried that, it installed successfully, but some of the modules were missing. So we build it first and then copy it. Copy the impacket folder from build/lib.linux-x86_64-2.7/ into /usr/lib/pymodules/python2.7:

#cp -r build/lib.linux-x86_64-2.7/impacket /usr/lib/pymodules/python2.7/

 
Now everything is ready and we can run it. Before that, open /etc/veil/settings.py and check all the paths.

#python Veil-Catapult.py

 

 
Veil-Catapult has the following standalone payload creation techniques:
Powershell Injector

Barebones Python Injector

Sethc Backdoor

 


In coming posts I will explain how to use Veil-Catapult to create payloads and deliver them to the victims without getting caught by AV.