Metasploit mailing list archives
psexec/meterpreter wonky behavior?
From: macubergeek <macubergeek () comcast net>
Date: Wed, 18 Apr 2012 18:18:58 -0400
So I've identified boxes which use a default local Admin account.
I psexec into a box with those creds and am presented with a meterpreter shell sweet
I upload wce.exe
drop to a shell and attempt to execute it, I'm presented with this error:
The process cannot access the file because it is being used by another
process.
I try to delete wce.exe and get the same error.
I guessed that AV is blocking me.
I get back on the same box the next day I drop to a shell, I can execute wce.exe just fine and then delete it just fine.
Does anyone know what happened here? AV is the only explanation I can think of. I've been googling this for days now….
Jim
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%49%66%20%79%6F%75%20%63%61%6E%20%72%65%61%64%20%74%68%69%73%20%79%6F%75%20%6E%65%65%64%20%74%6F%20%67%65%74%20%61%20%67%69%72%6C%66%72%69%65%6E%64%2E
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- psexec/meterpreter wonky behavior? macubergeek (Apr 18)
- Re: psexec/meterpreter wonky behavior? Rob Fuller (Apr 18)
- Re: psexec/meterpreter wonky behavior? Jim Kelly (Apr 19)
- Re: psexec/meterpreter wonky behavior? Rob Fuller (Apr 18)