Metasploit mailing list archives
Re: Bug?: Timestomp doesn't work on Win7 32bit host
From: Brian <briaar () gmail com>
Date: Mon, 3 Jan 2011 12:58:54 -0700
Hi Carlos,

Here is the output from:

print_status(is_uac_enabled?)
print_status(is_admin?)
print_status(client.sys.config.getuid.inspect)

[*] false
[*] true
[*] "NT AUTHORITY\\SYSTEM"

When I migrate to a SYSTEM process and attempt it, I still get "Operation failed: Access is denied."

I know it is possible to set Created/Last modified/Last Accessed on Win7 -- check out:
http://code.google.com/p/stexbar/downloads/list
^ This program works fine, maybe we could adapt some code from it?

Cheers,
-Brian

On Mon, Jan 3, 2011 at 6:21 AM, Carlos Perez <carlos_perez () darkoperator com> wrote:
Is UAC enabled? R u sure you are running as admin? Windows 7 does not save the last access time of files, only created and modified. If UAC is enabled and you are not running as SYSTEM with the right tokens you will not be able to execute against those files. Use this script to see if you have the right perms: place it in your ~/.msf3/scripts/meterpreter folder and run it inside the session you are having the problems.

cheers,
Carlos

On Jan 2, 2011, at 8:10 PM, Brian wrote:

Test host is a fresh Win7 32bit install.

meterpreter > getuid
Server username: WIN7\Administrator
meterpreter > timestomp c:\\raw.dll -f c:\\windows\\notepad.exe
[*] Setting MACE attributes on c:\raw.dll from c:\windows\notepad.exe
[-] priv_fs_set_file_mace_from_file: Operation failed: Access is denied.
meterpreter > getsystem
...got system (via technique 1).
meterpreter > timestomp c:\\raw.dll -f c:\\windows\\notepad.exe
[*] Setting MACE attributes on c:\raw.dll from c:\windows\notepad.exe
[-] priv_fs_set_file_mace_from_file: Operation failed: Access is denied.
meterpreter >

I've also noticed meterpreter scripts that call "priv_fs_set_file_mace_from_file" also fail.

Scripts error:
Error changing MACE: Rex::Post::Meterpreter::RequestError priv_fs_set_file_mace_from_file: Operation failed: Access is denied.

Any thoughts?

Cheers,
-Brian

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Bug?: Timestomp doesn't work on Win7 32bit host Brian (Jan 02)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host ricky-lee birtles (Jan 02)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host Brian (Jan 02)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host ricky-lee birtles (Jan 03)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host Carlos Perez (Jan 03)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host Brian (Jan 02)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host Carlos Perez (Jan 03)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host Brian (Jan 03)
- Re: Bug?: Timestomp doesn't work on Win7 32bit host ricky-lee birtles (Jan 02)