The Veil-Framework team loves getting feedback from the community and like to hear if Veil works well for you, and learn about new ways we can add to the software that we hadn’t yet thought of/done. We were recently asked if any Veil payloads expire, and up until this point, they never did. This was a really interesting request as we hadn’t thought about adding this feature to Veil payloads, and we immediately began looking into it. In our latest V-Day release, we updated our Python payloads to support a date based expiration.
As you can see in the picture above, we now have an extra option for Python payloads, the “expire_payload” option. To force a payload to expire after a certain number of days (in this instance, we’ll go with 10), we need to change the default value of “X”. You can change it exactly how you change any Veil payload’s options, using the set command.
The way that option works, is upon the creation of the backdoor, Veil stores the current date within the payload. Upon running on your victim machine, the payload will compare the current date on the victim system, to the date that it is supposed to expire. If it is past the expiration date, the payload will simply exit. If the payload is still within the allowed timeframe, it will inject your shellcode into memory and operate as it always does.
We hope that this feature helps, and we’d love to hear any feedback and/or additional feature requests!