Penetration Testing mailing list archives

Re: dumping hashes on box w/ Norton AV


From: Danett song <danett18 () yahoo com br>
Date: Fri, 11 May 2007 11:08:51 -0300 (ART)

Hello

If you are admin and can dump hashes, you can kill the
antivirus software before that...

cya

--- Neil <neil () horizontheory com> wrote:

When I tried to run fgdump against a DC with Norton AV Enterprise
running on it, Norton AV was able to block & flag it.  At the time, it
wasn't a big deal (well, it was a good thing, since that meant the
server was that much more secure); but now I'm a bit interested in what
methods could be used to get around these sorts of mechanisms.

How do you slip your tools past the AV when it flags and deletes them on
the spot?

-- 
Neil.



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020

------------------------------------------------------------------------



