Today we are gonna talk about Veil-Catapult. Veil-Catapult is a payload delivery tool for when Metasploit's psexec is getting caught by AV. It utilizes Veil-Evasion to generate AV-evading binaries, impacket to upload/host the binaries, and the passing-the-hash toolkit to trigger execution. It is officially supported on Kali Linux only. I'm going to show you how to install Veil-Catapult in BackTrack.
First, if you have not already installed the Veil-Evasion framework, install it as mentioned here. After installing Veil-Evasion, follow these steps.
(1) First we will generate a PowerShell payload; for this purpose I used SET. You can also use Veil or PowerSploit. Open SET in a terminal & select Social-Engineering Attacks and then Powershell Attack Vectors. Generate the Powershell Alphanumeric Shellcode Injector. Fill in the LHOST & LPORT values.
Our generated PowerShell payload is located in /root/.set/reports/powershell/. Rename x86_powershell_injection.txt to x32.ps1.
During brute-forcing you need a custom password list & username list every time. The username list is as important as the password list, and it should be unique for every organization. If we use a traditional, large username list, it will be a tedious process. A custom username list is also useful in username enumeration.
During the information gathering stage, you may use the jigsaw script. It is a great script for gathering employees' details like full name, position, department and email addresses. You should use the script with your Jigsaw credentials.
Sometimes the initial part of an email address can be the username of the employee. So you can get different usernames from the output of the jigsaw script.
If you have the full names of users then you can use the username.py script to generate possible usernames by using different combinations of first name & last name.
I also wrote a bash script which generates possible usernames using first name, last name & birth date.
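The first/last-name combination logic described above, as an added example that is not the page's username.py or the author's bash script; the set of name patterns, the optional birth-year suffix and the constructed sample roster are my own assumptions:

```python
import re
from typing import Iterable, List, Optional, Tuple

def normalize(part: str) -> str:
    """Lower-case a name part and drop anything that is not a letter or digit
    (so "O'Brien" -> "obrien", "Mary-Ann" -> "maryann")."""
    return re.sub(r"[^a-z0-9]", "", part.lower())

def username_candidates(first: str, last: str, birth_year: Optional[int] = None) -> List[str]:
    """Return the usual first/last-name combinations in a stable order, de-duplicated.
    Patterns (assumed, not from the page): first, last, first.last, firstlast, flast,
    f.last, lastf, last.first, lastfirst, first_last, firstl; with a birth year given,
    every pattern is also emitted with the 4-digit and the 2-digit year appended."""
    f, l = normalize(first), normalize(last)
    if not f or not l:
        return []
    base = [
        f, l, f"{f}.{l}", f"{f}{l}", f"{f[0]}{l}", f"{f[0]}.{l}",
        f"{l}{f[0]}", f"{l}.{f}", f"{l}{f}", f"{f}_{l}", f"{f}{l[0]}",
    ]
    if birth_year is not None:
        year = str(birth_year)
        base += [f"{u}{year}" for u in base] + [f"{u}{year[-2:]}" for u in base]
    seen, out = set(), []
    for u in base:          # keep first occurrence only, preserve order
        if u not in seen:
            seen.add(u)
            out.append(u)
    return out

def roster_candidates(records: Iterable[Tuple[str, str, Optional[int]]]) -> List[str]:
    """Merge the candidates for a whole roster of (first, last, birth_year_or_None)
    into one sorted, de-duplicated list."""
    names = set()
    for first, last, year in records:
        names.update(username_candidates(first, last, year))
    return sorted(names)

# Constructed sample roster (not real people) in the shape a jigsaw-style export gives.
SAMPLE_ROSTER = [("John", "Smith", 1985), ("Mary-Ann", "O'Brien", None)]

if __name__ == "__main__":
    for name in roster_candidates(SAMPLE_ROSTER):
        print(name)
```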
XPath is a language that has been designed and developed to operate on data that is described with XML. XPath injection allows an attacker to inject XPath elements into a query that uses this language. Some of the possible goals are to bypass authentication or to access information in an unauthorized manner.
We are gonna learn using a simple example. Download the code from here & put it in your local server directory. (The code was created by Amol Naik.)
Upload your cookie_catcher.php to the server. For the demo I used my local Apache server & after execution of the script it will redirect to 192.168.56.1. You can change the code according to your needs. It will grab the IP, cookie, Referer, time & date.
HOW TO INSTALL AND USE VEIL-CATAPULT IN BACKTRACK?
Reviewed by Sufyan Minhas