Metasploit mailing list archives
Re: anyone tested killav?
From: John Nash <rootsecurityfreak () gmail com>
Date: Wed, 8 Sep 2010 09:35:52 +0530
Rob,

I used a private exploit created by our team to break in and already have system privs. I want to install some standard malware/rootkit to show the client how easy it is to do it. The minute I upload these files, the AV quarantines them. This is why I need to shut the AV down.

Also, killing the AV will prove that even if you have a fully updated AV, it does not mean you are secure. In our review meeting the admin said "we updated our AVs everyday .... nobody can break in..."

jn

On Wed, Sep 8, 2010 at 12:13 AM, Rob Fuller <mubix () room362 com> wrote:

> If you are already on the box, why do you need to kill av? Preemptive strike: Don't upload tools that get caught by AV. Or invest some time in making them so.
>
> --
> Rob Fuller | Mubix
> Certified Checkbox Unchecker
> Room362.com | Hak5.org
>
> On Tue, Sep 7, 2010 at 2:20 PM, John Nash <rootsecurityfreak () gmail com> wrote:
>
>> I just tried it on a local setup with AVG 9 free edition and it is unable to kill the av processes. Checked the script and found that the latest version of AVG has many more processes loaded, so when killav kills some of them, I guess the watchdog process seems to bring them right back up.
>>
>> Anyone else notice the same issue?
>>
>> jn

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework