Metasploit mailing list archives

Anti-Virus Issues


From: lists at carnal0wnage.com (cg)
Date: Fri, 27 Jun 2008 08:53:20 -0400

If sticking the .exe in system32\yourmom doesn't work AND since you said
the user add payload is working...

If you have an account on the box, why don't you just remote desktop in
and turn the AV off? or using psexec or winexe connect to the box with
your credentials, find a location that the AV WILL allow you to run an
exe from and just put it and execute it from there (like a meterpreter
payload).

Maybe another option is the download and execute payload, depending on
where it downloads it to (obviously)

hth

-CG



On Thu, 2008-06-26 at 14:06 -0700, Stewart Fey wrote:
Does anyone have a suggestion for evading anti-virus on target
machines?  Specifically McAfee's ability to deny executables from
running in SYSTEM ROOT or SYSTEM32 or temp directories.  I am testing
out SMB_Relay and all attempts to get a shell fail.  When the exploit
runs, the victim system throws an application error for all payloads I
have tested.  The exception was the add_user payload, which
successfully added a user to the victim's box.
 
2nd part of this, if I'm using SMB_Relay, I shouldn't need to upload
any payload to get a shell since all I'm doing is connecting back to
the victim or relaying credentials to a 3rd system.
 
Any advice would be welcome...
 
Stewart

_______________________________________________
http://spool.metasploit.com/mailman/listinfo/framework