Home page logo
/

metasploit logo Metasploit mailing list archives

Re: windows/smb/psexec getting detected
From: Ron <ron () skullsecurity net>
Date: Mon, 17 May 2010 07:29:10 -0500

On Mon, 17 May 2010 02:54:22 -0700 Mark <maark86 () gmail com> wrote:
Sorry to send two emails, but until this gets worked out, is there
anything I can do for an interim fix? Maybe something using irb? I
could probably get away with just using the core psexec /
pass-the-hash functionality to exploit remotely, is that easy to do?

Thanks,
Mark

I realize this is shameless self promotion, but you can use Nmap's smb-psexec.nse script (that I wrote). But, if it's a 
heuristic detection, you might be outta luck -- it's pretty easy to detect psexec heuristically, I suspect. 

Are you sure it isn't just the payload getting detected, though? The actual psexec simply logs into the machine, 
uploads the payload, and creates a service pointing to the payload. Not a lot going on. 

-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86

Attachment: _bin
Description:

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault