Metasploit mailing list archives
Anti-Virus Issues
From: lists at carnal0wnage.com (cg)
Date: Fri, 27 Jun 2008 08:53:20 -0400
if sticking the .exe in system32\yourmom doesn't work AND since you said the user add payload is working... If you have an account on the box, why dont you just remote desktop in and turn the AV off? or using psexec or winexe connect to the box with your credentials, find a location that the AV WILL allow you to run an exe from and just put it and execute it from there (like a meterpreter payload). Maybe another option is the download and execute payload, depending on where it downloads it to (obviously) hth -CG On Thu, 2008-06-26 at 14:06 -0700, Stewart Fey wrote:
Does anyone have a suggestion for evadating anti-virus on target machines. Specifically McAfee's ability to deny executables from running in SYSTEM ROOT or SYSTEM32 or temp directories. I am testing out SMB_Relay and all attempts to get a shell fail. When the exploit runs, the victim system thows an application error for all payloads I have tested. The exception was the add_user payload, which sucessfully added a user to the victims box. 2nd part of this, if I'm using SMB_Relay, I shouldn't need to upload any payload to get a shell since all I'm doing to connecting back to the victim or relaying credentials to a 3rd system. Any advise would be welcome... Stewart _______________________________________________ http://spool.metasploit.com/mailman/listinfo/framework
Current thread:
- Anti-Virus Issues Stewart Fey (Jun 26)
- Anti-Virus Issues H D Moore (Jun 26)
- Anti-Virus Issues cg (Jun 27)