Re: Bug?: Timestomp doesn't work on Win7 32bit host

[Brian <briaar () gmail com>]

Hi Ricky,

It still fails even running as system:
> meterpreter > getsystem
> ...got system (via technique 1).
> meterpreter > timestomp c:\\raw.dll -f c:\\windows\\notepad.exe
> [*] Setting MACE attributes on c:\raw.dll from c:\windows\notepad.exe
> [-] priv_fs_set_file_mace_from_file: Operation failed: Access is denied.
> meterpreter >

-Brian

On Sun, Jan 2, 2011 at 5:25 PM, ricky-lee birtles <mr.r.birtles () gmail com>wrote:

> Try running it as system
> On 3 Jan 2011 00:16, "Brian" <briaar () gmail com> wrote:
> > Test host is a fresh Win7 32bit install.
> >
> > meterpreter > getuid
> > Server username: WIN7\Administrator
> > meterpreter > timestomp c:\\raw.dll -f c:\\windows\\notepad.exe
> > [*] Setting MACE attributes on c:\raw.dll from c:\windows\notepad.exe
> > [-] priv_fs_set_file_mace_from_file: Operation failed: Access is denied.
> > meterpreter > getsystem
> > ...got system (via technique 1).
> > meterpreter > timestomp c:\\raw.dll -f c:\\windows\\notepad.exe
> > [*] Setting MACE attributes on c:\raw.dll from c:\windows\notepad.exe
> > [-] priv_fs_set_file_mace_from_file: Operation failed: Access is denied.
> > meterpreter >
> >
> > I've also noticed meterpreter scripts that call
> > "priv_fs_set_file_mace_from_file" also fail.
> >
> > Scripts error: Error changing MACE: Rex::Post::Meterpreter::RequestError
> > priv_fs_set_file_mace_from_file: Operation failed: Access is denied.
> >
> > Any thoughts?
> >
> > Cheers,
> >
> > -Brian
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework