Re: Bug?: Timestomp doesn't work on Win7 32bit host

[Carlos Perez <carlos_perez () darkoperator com>]

is UAC Enabled? R u sure you are running as admin? Windows 7 does not save the last access time of files only created 
and modified.  If UAC is enabled and you are not running as SYSTEM withthe right tokens you will not be able to execute 
against those files, use this script to see if you have the right perms, place it in you ~/.msf3/scripts/meterpreter 
folder and run it inside the session you are having the problems.

cheers,
Carlos

Attachment: info.rb
Description:

On Jan 2, 2011, at 8:10 PM, Brian wrote:

> Test host is a fresh Win7 32bit install.
>
> meterpreter > getuid
> Server username: WIN7\Administrator
> meterpreter >  timestomp c:\\raw.dll -f c:\\windows\\notepad.exe
> [*] Setting MACE attributes on c:\raw.dll from c:\windows\notepad.exe
> [-] priv_fs_set_file_mace_from_file: Operation failed: Access is denied.
> meterpreter > getsystem
> ...got system (via technique 1).
> meterpreter >  timestomp c:\\raw.dll -f c:\\windows\\notepad.exe
> [*] Setting MACE attributes on c:\raw.dll from c:\windows\notepad.exe
> [-] priv_fs_set_file_mace_from_file: Operation failed: Access is denied.
> meterpreter >
>
> I've also noticed meterpreter scripts that call "priv_fs_set_file_mace_from_file" also fail.
>
> Scripts error: Error changing MACE: Rex::Post::Meterpreter::RequestError priv_fs_set_file_mace_from_file: Operation 
> failed: Access is denied.
>
> Any thoughts?
>
> Cheers,
>
> -Brian
>
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework