Metasploit mailing list archives
Re: windows/smb/psexec getting detected
From: Ron <ron () skullsecurity net>
Date: Mon, 17 May 2010 07:29:10 -0500
On Mon, 17 May 2010 02:54:22 -0700 Mark <maark86 () gmail com> wrote:
Sorry to send two emails, but until this gets worked out, is there anything I can do for an interim fix? Maybe something using irb? I could probably get away with just using the core psexec / pass-the-hash functionality to exploit remotely, is that easy to do? Thanks, Mark
I realize this is shameless self promotion, but you can use Nmap's smb-psexec.nse script (that I wrote). But, if it's a heuristic detection, you might be outta luck -- it's pretty easy to detect psexec heuristically, I suspect. Are you sure it isn't just the payload getting detected, though? The actual psexec simply logs into the machine, uploads the payload, and creates a service pointing to the payload. Not a lot going on. -- Ron Bowes http://www.skullsecurity.org http://www.twitter.com/iagox86
Attachment:
_bin
Description:
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- windows/smb/psexec getting detected Mark (May 17)
- Re: windows/smb/psexec getting detected Ron (May 17)