Metasploit mailing list archives

Re: KillAV script update - how to stop an NOT_STOPPABLE service


From: "Kevin McNamee" <kevin () kindsight net>
Date: Thu, 9 Sep 2010 12:16:01 -0400

I have tried to use the "sc" command to stop a service on Windows 7 and
get the response: 

 

[SC]: OpenService FAILED 5:

Access is denied. 

 

The service was flagged as "STOPPABLE" and I'm running the "sc" command
as administrator. Is there something else I have to do on Windows 7 to
get enhanced privileges in addition to running as admin?

 

km. 

 

From: framework-bounces () spool metasploit com
[mailto:framework-bounces () spool metasploit com] On Behalf Of John Nash
Sent: Wednesday, September 08, 2010 8:40 AM
To: framework () spool metasploit com
Subject: [framework] KillAV script update - how to stop an NOT_STOPPABLE service

 

I tried finding other .exe files running as AVG and also the services
which are running. However, it is not as simple as "sc stop
service_name" as you guys mentioned previously.

 

AVG has 2 services in its version 9 free version - avg9wd and avg9emc

 

avg9emc is a STOPPABLE service and hence can be stopped using "net stop
avg9emc" or "sc stop avg9emc"

 

However, avg9wd is a NOT_STOPPABLE service and hence the above 2
commands will not work on it.

 

The way you can stop it is to first disable it by using "sc config
avg9wd start= disabled" and then kill it. This way it will not be
restarted after it is killed.

 

I guess this would change the flow of the script a little, as currently
it just kills the processes hoping they will not be restarted.

 

Just want to acknowledge that the above technique was taken from this
video on securitytube : 

 

http://securitytube.net/Metasploit-Megaprimer-Part-10-%28Post-Exploitation-Log-Deletion-and-AV-Killing%29-video.aspx

 

http://bit.ly/bLbpFf (in case the above url breaks)

 

It's a long video but he takes you through all the explanations ...

 

I am a Python guy who is now forced to learn Ruby coz of the love for
Metasploit :) If I get a free weekend with Ruby this week, I'll try
and make the changes.

 

rgds,

 

jn