Metasploit mailing list archives
Re: KillAV script update - how to stop an NOT_STOPPABLE service
From: Carlos Perez <carlos_perez () darkoperator com>
Date: Thu, 9 Sep 2010 12:24:46 -0400
Is UAC enabled? The registry keys it modifies are in HKLM, so if UAC is enabled you will not be able to modify them unless you are running as system.

Sent from my iPhone

On Sep 9, 2010, at 12:16 PM, "Kevin McNamee" <kevin () kindsight net> wrote:
I have tried to use the “sc” command to stop a service on Windows 7 and get the response:

[SC]: OpenService FAILED 5: Access is denied.

The service was flagged as “STOPPABLE” and I’m running the “sc” command as administrator. Is there something else I have to do on Windows 7 to get enhanced privileges in addition to running as admin?

km.

From: framework-bounces () spool metasploit com [mailto:framework-bounces () spool metasploit com] On Behalf Of John Nash
Sent: Wednesday, September 08, 2010 8:40 AM
To: framework () spool metasploit com
Subject: [framework] KillAV script update - how to stop an NOT_STOPPABLE service

I tried finding other .exe files running as AVG and also the services which are running. However, it is not as simple as "sc stop service_name" as you guys mentioned previously.

AVG has 2 services in its version 9 free version - avg9wd and avg9emc.

avg9emc is a STOPPABLE service and hence can be stopped using "net stop avg9emc" or "sc stop avg9emc".

However, avg9wd is a NOT_STOPPABLE service and hence the above 2 commands will not work on it.

The way you can stop it is to first disable it by using "sc config avg9wd start= disabled" and then killing it. This way it will not be restarted after it is killed.

I guess this would change the flow of the script a little, as currently it just kills the processes hoping they will not be restarted.

Just want to acknowledge that the above technique was taken from this video on securitytube:

http://securitytube.net/Metasploit-Megaprimer-Part-10-%28Post-Exploitation-Log-Deletion-and-AV-Killing%29-video.aspx
http://bit.ly/bLbpFf (in case the above url breaks)

It's a long video but he takes you through all the explanations...

I am a python guy who is now forced to learn ruby coz of the love for metasploit :) If I get a free weekend with ruby this week, I'll try and make the changes.

rgds,
jn

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
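Seen from the defender's side, the sequence described in the quoted message (a protected service's start type set to disabled, then a forced process kill) shows up in process-creation logs. The following is an added example, not part of the original thread or of the KillAV script: it flags that sequence for the two service names mentioned above. The event tuples, the 300-second window and the image name `example_wd.exe` are constructed assumptions.

```python
import re
from collections import defaultdict

# Service names taken from the thread; extend with the services you must protect.
WATCHED = {"avg9wd", "avg9emc"}
WINDOW = 300  # assumed: max seconds between the disable and the kill

DISABLE = re.compile(
    r'\bsc(?:\.exe)?\s+config\s+"?([\w.$-]+)"?\s+.*?\bstart=\s*disabled\b', re.I)
STOP = re.compile(
    r'\b(?:sc(?:\.exe)?|net1?(?:\.exe)?)\s+stop\s+"?([\w.$-]+)"?', re.I)
KILL = re.compile(r'\btaskkill(?:\.exe)?\b.*\s/f\b', re.I)  # forced kill only

# Constructed sample: (epoch seconds, host, process command line)
SAMPLE = [
    (1000, "WS01", "sc query avg9wd"),
    (1010, "WS01", "sc stop avg9emc"),
    (1020, "WS01", "sc.exe config avg9wd start= disabled"),
    (1050, "WS01", "taskkill /F /IM example_wd.exe"),
    (1100, "WS02", "sc config Spooler start= disabled"),
    (2000, "WS02", "taskkill /F /IM notepad.exe"),
]

def detect(events):
    """Return (host, service, rule) alerts for process-creation events."""
    pending = defaultdict(list)  # host -> [(ts, service)] recently disabled
    alerts = []
    for ts, host, cmd in sorted(events):
        m = DISABLE.search(cmd)
        if m and m.group(1).lower() in WATCHED:
            svc = m.group(1).lower()
            pending[host].append((ts, svc))
            alerts.append((host, svc, "start-disabled"))
            continue
        m = STOP.search(cmd)
        if m and m.group(1).lower() in WATCHED:
            alerts.append((host, m.group(1).lower(), "stop-attempt"))
            continue
        if KILL.search(cmd):
            # A forced kill shortly after a watched service was disabled
            for t0, svc in pending[host]:
                if 0 <= ts - t0 <= WINDOW:
                    alerts.append((host, svc, "disable-then-kill"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The kill is correlated by host and time only, since the thread does not name the process behind each service; mapping services to image names would tighten the rule.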