Metasploit mailing list archives
Re: Bug?: Timestomp doesn't work on Win7 32bit host
From: Carlos Perez <carlos_perez () darkoperator com>
Date: Mon, 3 Jan 2011 10:28:02 -0400
forgot to mention you can change the MAC of files in the users %TEMP%, %APPDATA% and any file under hisr %SYTEMDRIVE%\Users%USERNAME% folder if UAC is enabled, anything outside of that you will get the Access Denied Error if you did not do a UAC bypass or Running with SYSTEM priv tokens On Jan 2, 2011, at 8:40 PM, Brian wrote:
Hi Ricky, It still fails even running as system:meterpreter > getsystem ...got system (via technique 1). meterpreter > timestomp c:\\raw.dll -f c:\\windows\\notepad.exe [*] Setting MACE attributes on c:\raw.dll from c:\windows\notepad.exe [-] priv_fs_set_file_mace_from_file: Operation failed: Access is denied. meterpreter >-Brian On Sun, Jan 2, 2011 at 5:25 PM, ricky-lee birtles <mr.r.birtles () gmail com> wrote: Try running it as system On 3 Jan 2011 00:16, "Brian" <briaar () gmail com> wrote:Test host is a fresh Win7 32bit install. meterpreter > getuid Server username: WIN7\Administrator meterpreter > timestomp c:\\raw.dll -f c:\\windows\\notepad.exe [*] Setting MACE attributes on c:\raw.dll from c:\windows\notepad.exe [-] priv_fs_set_file_mace_from_file: Operation failed: Access is denied. meterpreter > getsystem ...got system (via technique 1). meterpreter > timestomp c:\\raw.dll -f c:\\windows\\notepad.exe [*] Setting MACE attributes on c:\raw.dll from c:\windows\notepad.exe [-] priv_fs_set_file_mace_from_file: Operation failed: Access is denied. meterpreter > I've also noticed meterpreter scripts that call "priv_fs_set_file_mace_from_file" also fail. Scripts error: Error changing MACE: Rex::Post::Meterpreter::RequestError priv_fs_set_file_mace_from_file: Operation failed: Access is denied. Any thoughts? Cheers, -Brian_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Bug?: Timestomp doesn't work on Win7 32bit host Brian (Jan 02)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host ricky-lee birtles (Jan 02)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host Brian (Jan 02)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host ricky-lee birtles (Jan 03)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host Carlos Perez (Jan 03)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host Brian (Jan 02)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host Carlos Perez (Jan 03)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host Brian (Jan 03)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host ricky-lee birtles (Jan 02)