Veil-Pillage is a module that was developed as part of the main Veil-Framework. Attackers can use it during post-exploitation. In this section, we will take a quick look at how Veil-Pillage is organized and the different types of modules that can be used during a penetration test.
The following diagram describes the different sections of the Veil-Pillage framework:
Further details on all of the available modules in the Pillage framework are as follows:
- Credentials: Provides a list of modules that can be utilized to grab all of the credentials and a hashdump from a compromised system, given a valid username and password
- Enumeration: Provides a list of modules that are specifically used for enumerating a domain network, along with a module to validate the credentials
- Impacket: Can be utilized to run different types of shells (SMB, PsExec)
- Management: Manages and escalates privileges, with modules for enabling the remote desktop, logging off, checking for UAC, and so on
- Payload_delivery: A list of modules that can be utilized to deliver a payload in different formats, such as EXE and PowerShell
- Persistence: Key modules are included in the persistence section, such as adding local and domain users, finding sticky keys, and so on
- PowerSploit: The most important part of pillaging, since these modules are designed to perform remote code execution, data exfiltration, and run custom PowerShell exploits
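From the defender's side, several of the actions named under Management and Persistence (enabling the remote desktop, adding users, sticky keys) leave well-known traces in Windows logs. The following triage sketch is an added example, not code from this text or from the Veil-Pillage project; the event IDs and registry paths are standard Windows Security and Sysmon values assumed here, and the sample events are constructed.

```python
import re

SECURITY, SYSMON = "Security", "Microsoft-Windows-Sysmon/Operational"

# Security-log event IDs for the account changes named under Persistence.
ACCOUNT_EVENTS = {
    4720: "user account created",
    4728: "member added to a global (domain) group",
    4732: "member added to a local group",
}
# Sysmon event 13 (registry value set): (path pattern, value predicate, label).
REGISTRY_RULES = [
    (re.compile(r"\\Control\\Terminal Server\\fDenyTSConnections$", re.I),
     lambda v: v.strip().lower() == "dword (0x00000000)",
     "remote desktop enabled"),
    (re.compile(r"\\Image File Execution Options\\sethc\.exe\\Debugger$", re.I),
     lambda v: bool(v.strip()),
     "debugger set on sethc.exe (sticky keys)"),
]

def triage(events):
    """Return (computer, finding) pairs for events that match the rules."""
    findings = []
    for ev in events:
        channel, eid = ev.get("Channel"), ev.get("EventID")
        if channel == SECURITY and eid in ACCOUNT_EVENTS:
            findings.append((ev["Computer"], ACCOUNT_EVENTS[eid]))
        elif channel == SYSMON and eid == 13:
            for path_re, value_ok, label in REGISTRY_RULES:
                if path_re.search(ev.get("TargetObject", "")) and value_ok(ev.get("Details", "")):
                    findings.append((ev["Computer"], label))
    return findings

# Constructed sample events (already parsed into dicts), not real telemetry.
TS = r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"
IFEO = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger"
SAMPLE_EVENTS = [
    {"Channel": SECURITY, "EventID": 4624, "Computer": "WS01"},  # ordinary logon
    {"Channel": SECURITY, "EventID": 4720, "Computer": "WS01"},
    {"Channel": SYSMON, "EventID": 13, "Computer": "WS01", "TargetObject": TS, "Details": "DWORD (0x00000000)"},
    {"Channel": SYSMON, "EventID": 13, "Computer": "WS01", "TargetObject": TS, "Details": "DWORD (0x00000001)"},  # RDP turned off
    {"Channel": SYSMON, "EventID": 13, "Computer": "WS02", "TargetObject": IFEO, "Details": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for computer, finding in triage(SAMPLE_EVENTS):
        print(f"{computer}: {finding}")
```
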
Veil-Pillage can be directly cloned from GitHub by running git clone https://github.com/Veil-Framework/Veil-Pillage from the terminal.
Once the repository has been cloned, use cd Veil-Pillage/ and pull the latest module updates by running ./update.py. The clone is satisfied with an older version of impacket, but that version may not run Veil-Pillage, so it is recommended that you run pip install impacket==0.9.13. Once the application has been downloaded, you can run ./Veil-Pillage.py from the location of the clone, as shown in the following screenshot: