Description: Using SET & WCE to pull passwords off a fully patched Windows 7 box running MSE. @fjhackett
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
That's interesting - thank you. I've looked into wce.exe and it's flagged by my AVG but your target's AV (MS Security Essentials) was fully patched. How come the difference? Is AVG better at picking this up than the MS product or is it related to the fact that you uploaded wce.exe after you had exploited the target system? Did using SET somehow protect the uploaded wce.exe against MS SE?
I simply downloaded wce.exe to see the command-line options etc.
I'm quite familiar with this attack. Unfortunately it doesn't always work. How do you get around UAC and obtain system privileges? "getsystem" fails if you have it enabled. There's a script called "bypassuac" you can run but it uploads a payload that gets detected by most AV.
I'm sure others have run into the same problem. Any suggestion?
Thanks,
PS: Cool Panda :)
Ignatius - I made the needed changes to wce.exe so MSE wouldn't pick up on it.
PoisonReverse - there are numerous ways to get past UAC. My victim box in this video had it disabled. Would it be beneficial to you if I made another video showing how to get around UAC on a box with AV?
Hit me up @fjhackett
Sorry but I didn't get how the Windows system connects to your faked site when you type in gmail.com?! Did you MITM it?
koll4ps: dns spoof
Hackett - would you care to elaborate what changes you made to wce.exe?
just some hex editing and packing
Thank you. How did you determine what hex editing to do to retain functionality yet avoid AV?