Tag: Meterpreter
-
SideStep: Another AV Evasion Tool
A few years ago I was working on a basic penetration test and came across a remote code execution vulnerability. I tried using Metasploit to deliver a payload but it became evident that the host’s antivirus software was removing the executable. See this article as a reference. This was shortly after the initial release of…
Josh Berry
-
Manually Penetrating the Ektron Vulnerability – CVE-2012-5357
My posts are a little bit out of order here in that this was one of the first vulnerabilities that I came across in which the Metasploit modules failed due to a combination of DEP and AV. The result was researching AV bypass techniques that I began discussing here, and then here, and then figuring…
Josh Berry
-
Follow Up on SYSTEM to Domain Admin Post
I learned a few new things and made a few updates to my script after the last post that I thought I would share. First things first, someone commented on the article on another site and mentioned that the Metasploit module auxiliary/scanner/smb/smb_enumusers_domain provides the same functionality over SMB by calling the Windows NetWkstaUserEnum function. Example…
-
SYSTEM to Domain Admin – Technique One
Today I am going to give a quick overview of one of my favorite ways to escalate from SYSTEM level privileges on a single host, to domain admin level and more on a Windows network. There are many ways and techniques to accomplish jumping from SYSTEM to domain admin, this just happens to be one…
Josh Berry
-
Manually Penetrating the FCKedit Vulnerability – CVE-2009-2265
I am seeing more and more scenarios where for whatever reason, the Metasploit modules, and modules from commercial solutions I use, aren’t successful against a known vulnerable host. This is often due to DEP or antivirus protections that I discussed here and again here. There can also be other security mechanisms at play from time…
Josh Berry
-
Follow Up on DEP and AV Bypass
This is a continuation of research based on my adventures on a penetration testing engagement described here. There were a few key features that I really wanted to add to enhance my DEP/AV bypass tool: Bypass a majority of AV systems Remove the dependency on the msvcr100d.dll file Combine the Metasploit payload in the shellcodeexec…
-
Adventures in Penetration Testing: When DEP and AV Muck it Up
A while back I was performing a network penetration test and came across a remote code execution vulnerability in one of the web applications hosted at the site. It got me excited because I just knew it was going to result in some level of access to the host. It looked like a pretty simple…
CodeWatch 