Metasploit mailing list archives
Re: KillAV script update - how to stop an NOT_STOPPABLE service
From: roamer <iam () hackingyour net>
Date: Thu, 9 Sep 2010 12:35:10 -0400 (EDT)
Any reason you aren't using net stop <service>? I typically use net stop to start/stop services and sc to install/remove services.

Chris

On Thu, 9 Sep 2010, Kevin McNamee wrote:

I have tried to use the “sc” command to stop a service on Windows 7 and get the response:

[SC]: OpenService FAILED 5: Access is denied.

The service was flagged as “STOPPABLE” and I’m running the “sc” command as administrator. Is there something else I have to do on Windows 7 to get enhanced privileges in addition to running as admin?

km.

From: framework-bounces () spool metasploit com [mailto:framework-bounces () spool metasploit com] On Behalf Of John Nash
Sent: Wednesday, September 08, 2010 8:40 AM
To: framework () spool metasploit com
Subject: [framework] KillAV script update - how to stop an NOT_STOPPABLE service

I tried finding other .exe files running as AVG and also the services which are running. However, it is not as simple as "sc stop service_name" as you guys mentioned previously.

AVG has 2 services in its version 9 free version - avg9wd and avg9emc.

avg9emc is a STOPPABLE service and hence can be stopped using "net stop avg9emc" or "sc stop avg9emc".

However, avg9wd is a NOT_STOPPABLE service and hence the above 2 commands will not work on it. The way you can stop it is to first disable it by using "sc config avg9wd start= disabled" and then killing it. This way it will not be restarted after it is killed.

I guess this would change the flow of the script a little, as currently it just kills the processes hoping they will not be restarted.

Just want to acknowledge that the above technique was taken from this video on securitytube:
http://securitytube.net/Metasploit-Megaprimer-Part-10-%28Post-Exploitation-Log-Deletion-and-AV-Killing%29-video.aspx
http://bit.ly/bLbpFf (in case the above url breaks)

It's a long video but he takes you through all the explanations ...

I am a python guy who is now forced to learn ruby coz of the love for metasploit :)

If I get a free weekend with ruby this week, I'll try and make the changes ..

rgds,
jn
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
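Seen from the defender's side, the sequence described in the thread (a service set to disabled with "sc config", then its process killed) leaves a recognizable trail in process-creation command lines. The following is an added example, not code from the thread or from Metasploit: a small detector run over constructed log records. The record layout, the 120-second window, and the use of taskkill as the kill tool are assumptions.

```python
import re
from datetime import datetime

# Command-line patterns for the three actions discussed in the thread.
STOP_RE = re.compile(r'\b(?:net|sc)(?:\.exe)?\s+stop\s+"?([\w.$-]+)', re.I)
DISABLE_RE = re.compile(
    r'\bsc(?:\.exe)?\s+config\s+"?([\w.$-]+)"?\s.*?\bstart=\s*disabled\b', re.I)
KILL_RE = re.compile(r'\btaskkill(?:\.exe)?\b', re.I)  # assumed kill tool

# Constructed process-creation records: (host, ISO timestamp, command line).
SAMPLE_EVENTS = [
    ("ws01", "2010-09-09T12:00:01", "net stop avg9emc"),
    ("ws01", "2010-09-09T12:00:05", "sc config avg9wd start= disabled"),
    ("ws01", "2010-09-09T12:00:20", "taskkill /F /PID 1234"),
    ("ws02", "2010-09-09T12:01:00", "sc config spooler start= auto"),
    ("ws02", "2010-09-09T12:01:30", "taskkill /IM notepad.exe"),
]


def detect_service_tamper(events, window_seconds=120):
    """Return (host, service, kind) findings in time order."""
    findings = []
    pending = {}  # host -> [(time, service)] disabled, not yet followed by a kill
    for host, ts, cmd in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if m := DISABLE_RE.search(cmd):
            svc = m.group(1).lower()
            findings.append((host, svc, "disabled"))
            pending.setdefault(host, []).append((when, svc))
        elif m := STOP_RE.search(cmd):
            findings.append((host, m.group(1).lower(), "stop"))
        elif KILL_RE.search(cmd):
            # A kill shortly after a disable is the sequence that keeps the
            # service from being restarted, so report it as its own finding.
            for seen, svc in pending.pop(host, []):
                if (when - seen).total_seconds() <= window_seconds:
                    findings.append((host, svc, "disabled-then-kill"))
    return findings


if __name__ == "__main__":
    for finding in detect_service_tamper(SAMPLE_EVENTS):
        print(finding)
```

The kill is correlated with the disable only by host and time, because a command line alone does not say which service a killed process belongs to.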
Current thread:
- KillAV script update - how to stop an NOT_STOPPABLE service John Nash (Sep 08)
- Re: KillAV script update - how to stop an NOT_STOPPABLE service Kevin McNamee (Sep 09)
- Re: KillAV script update - how to stop an NOT_STOPPABLE service Carlos Perez (Sep 09)
- Re: KillAV script update - how to stop an NOT_STOPPABLE service Kevin McNamee (Sep 09)
- Re: KillAV script update - how to stop an NOT_STOPPABLE service roamer (Sep 09)
- Re: KillAV script update - how to stop an NOT_STOPPABLE service Carlos Perez (Sep 09)
- Re: KillAV script update - how to stop an NOT_STOPPABLE service Kevin McNamee (Sep 09)