Home page logo

metasploit logo Metasploit mailing list archives

Re: windows/smb/psexec getting detected
From: Ron <ron () skullsecurity net>
Date: Mon, 17 May 2010 07:29:10 -0500

On Mon, 17 May 2010 02:54:22 -0700 Mark <maark86 () gmail com> wrote:
Sorry to send two emails, but until this gets worked out, is there
anything I can do for an interim fix? Maybe something using irb? I
could probably get away with just using the core psexec /
pass-the-hash functionality to exploit remotely, is that easy to do?


I realize this is shameless self promotion, but you can use Nmap's smb-psexec.nse script (that I wrote). But, if it's a 
heuristic detection, you might be outta luck -- it's pretty easy to detect psexec heuristically, I suspect. 

Are you sure it isn't just the payload getting detected, though? The actual psexec simply logs into the machine, 
uploads the payload, and creates a service pointing to the payload. Not a lot going on. 

Ron Bowes

Attachment: _bin


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]