Metasploit mailing list archives
Re: Fun with antimeter
From: Chao Mu <chao.mu () minorcrash com>
Date: Sun, 17 Apr 2011 12:05:53 -0400
I truly laughed out loud when I read your email. Great job Nikhil, truly creative work!

I recommend creating an account on the Metasploit issue tracker ( https://dev.metasploit.com/redmine/account/register ) and then submitting the patch as a "feature" ( https://dev.metasploit.com/redmine/projects/framework/issues/new ). While the official Metasploit team gives the thumbs up on mailing list submissions (someone correct me if I'm wrong), I find it fun to have an account.

However, before you do, I noticed that you accidentally mixed tabs and spaces for indentation. Metasploit is a tab-pure (as in, only use tabs for indentation) code base. Take another look at the file called HACKING in your Metasploit directory, if you haven't already.

Also, we are transitioning from Meterpreter scripts to the brand new Post Modules, so you might want to take advantage of some of the awesomeness and convert it into a module. Take a look at modules/post/windows/gather/resolve_sid.rb if you want a simple reference. It's fairly trivial.

Again, great work, keep it up :-) Let me know if you need any help.

chao-mu.

On Sat, Apr 16, 2011 at 11:43 AM, Nikhil Mittal <nikhil_uitrgpv () yahoo co in> wrote:
Hi List,

Today I was playing with antimeter (A program from hack4career.com to detect and kill meterpreter in memory). It indeed detects and kills meterpreter. One thing I noticed is that antimeter does not check its own memory for meterpreter. So I wrote this very small script which can be used to either kill antimeter or to migrate into it to avoid detection. I name it antiantimeter. hehe

meterpreter > run antiantimeter -k
[*] Searching for antimeter...
[*] Found antimeter process 5116...Killing
--------------------------------------------------------------------------------------------------------------------------------
meterpreter > run antiantimeter -m
[*] Searching for antimeter...
[*] Found antimeter process 2488...Migrating in it
[*] Migrated into antimeter.exe - 2488

P.S. I have borrowed code from some existing scripts. It's just a script for fun, do not expect anything useful ;)

Nikhil Mittal
@nikhil_mitt

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework