Penetration Testing mailing list archives
Re: dumping hashes on box w/ Norton AV
From: Teh Fizzgig <fizzgig () foofus net>
Date: Thu, 10 May 2007 20:18:44 -0500
Neil wrote:
> When I tried to run fgdump against a DC with Norton AV Enterprise running on it, Norton AV was able to block & flag it. At the time, it wasn't a big deal (well, it was a good thing, since that meant the server was that much more secure); but now I'm a bit interested in what methods could be used to get around these sorts of mechanisms.
Curious - what version of fgdump? 1.5.0 is more evasive when it comes to AV, and if it's still being picked up, I'm very interested to find out by what.

--fizzgig