Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: dumping hashes on box w/ Norton AV
From: "George M. Garner Jr." <gmgarner () erols com>
Date: Thu, 10 May 2007 22:47:08 -0400

HD,

A related approach, and one that is quite common nowadays, is to exploit the
AV as the entry point vector.  AV's typically do not "detect" themselves.

Regards,

George.  

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of H D Moore
Sent: Thursday, May 10, 2007 6:19 PM
To: pen-test () securityfocus com
Subject: Re: dumping hashes on box w/ Norton AV

The Metasploit 3 Meterpreter payload, with the "priv" extension, and the 
hashdump command. This avoids the AV by never writing to disk.

-HD

On Thursday 10 May 2007 17:03, Neil wrote:
How do you slip your tools past the AV when it flags and deletes them
on the spot?

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault