Penetration Testing mailing list archives
Re: dumping hashes on box w/ Norton AV
From: Danett song <danett18 () yahoo com br>
Date: Fri, 11 May 2007 11:08:51 -0300 (ART)
Hello, if you are admin and can dump hashes, you can kill the antivirus software before that... cya

--- Neil <neil () horizontheory com> wrote:
When I tried to run fgdump against a DC with Norton AV Enterprise running on it, Norton AV was able to block & flag it. At the time, it wasn't a big deal (well, it was a good thing, since that meant the server was that much more secure); but now I'm a bit interested in what methods could be used to get around these sorts of mechanisms. How do you slip your tools past the AV when it flags and deletes them on the spot? -- Neil.
Current thread:
- dumping hashes on box w/ Norton AV Neil (May 10)
- Re: dumping hashes on box w/ Norton AV H D Moore (May 10)
- RE: dumping hashes on box w/ Norton AV George M. Garner Jr. (May 11)
- Re: dumping hashes on box w/ Norton AV Teh Fizzgig (May 11)
- Re: dumping hashes on box w/ Norton AV Danett song (May 11)
- Re: dumping hashes on box w/ Norton AV Peter Wood (May 11)
- <Possible follow-ups>
- Re: dumping hashes on box w/ Norton AV Bill Stout (May 11)
- Re: dumping hashes on box w/ Norton AV H D Moore (May 10)