Metasploit mailing list archives

Fun with antimeter


From: Nikhil Mittal <nikhil_uitrgpv () yahoo co in>
Date: Sat, 16 Apr 2011 21:13:41 +0530 (IST)

Hi List,

Today I was playing with antimeter (a program from hack4career.com to detect and kill meterpreter in memory). It indeed
detects and kills meterpreter. One thing I noticed is that antimeter does not check its own memory for meterpreter.

So I wrote this very small script which can be used to either kill antimeter or to migrate into it to avoid detection. 
I name it antiantimeter. hehe

meterpreter > run antiantimeter -k
[*] Searching for antimeter...
[*] Found antimeter process 5116...Killing
--------------------------------------------------------------------------------------------------------------------------------
meterpreter > run antiantimeter -m
[*] Searching for antimeter...
[*] Found antimeter process 2488...Migrating in it
[*] Migrated into antimeter.exe -  2488


P.S. I have borrowed code from some existing scripts. It's just a script for fun, do not expect anything useful ;)


Nikhil Mittal
@nikhil_mitt

Attachment: antiantimeter.rb