RE: dumping hashes on box w/ Norton AV

From: George M. Garner Jr. (gmgarner@erols.com)
Date: Thu May 10 2007 - 22:47:08 EDT


HD,

A related approach, and one that is quite common nowadays, is to exploit the
AV as the entry point vector. AVs typically do not "detect" themselves.

Regards,

George.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of H D Moore
Sent: Thursday, May 10, 2007 6:19 PM
To: pen-test@securityfocus.com
Subject: Re: dumping hashes on box w/ Norton AV

The Metasploit 3 Meterpreter payload, with the "priv" extension, and the
hashdump command. This avoids the AV by never writing to disk.

-HD

On Thursday 10 May 2007 17:03, Neil wrote:
> How do you slip your tools past the AV when it flags and deletes them
> on the spot?

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:47 EDT