Home page logo

metasploit logo Metasploit mailing list archives

Re: Dealing with EWF (Enhanced Write Filter)
From: javatard <javatard () gmail com>
Date: Mon, 5 Apr 2010 10:26:34 -0400

Dear Lord, that was just too easy. I was over thinking it all. Once I had a
shell, I was able to disable EWF with no problems. I suppose I should have
tried that first instead of looking for a magic "pill" to get access to the
C: drive.

On Sun, Apr 4, 2010 at 8:47 PM, javatard <javatard () gmail com> wrote:

I have a test machine that I know is vulnerable to many things MS08-067
being just one. I have been successful in exploiting the test VM, but once I
enable EWF, I just end up crashing the virtual machine. I assume this is due
to EWF taking any changes that would be made to the machine and "writing"
the changes in RAM. So, I seem to be able to crash the machine just fine,
but I want to be able to circumvent EWF.
Does anyone have experience with working against EWF?

But that's just my opinion, I could be wrong.

But that's just my opinion, I could be wrong.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]