Learn how to kill Anti virus on your victim's machine :p 01-25-2014, 03:31 PM
#1
Pwned ? :troll:
Hey guys ? it's me Zaid your frnd with new tutorial some of you may know dafuq i am talking about but on other side some of you dont know dafuq i am talking about.. today's tutorial is about to kill anti virus on your victim's Machine
everybody wants to Hack PC but sometimes you got owned by Anti virus
so lets try something new today (Y)
![[Image: hacking+remote+pc+target+metasploit+smb+...ktrack.JPG]](http://1.bp.blogspot.com/-JiTOc7W_lRY/UrbPyGZcfyI/AAAAAAAAA1E/H9AWymnWO7g/s640/hacking+remote+pc+target+metasploit+smb+exploit+backtrack.JPG)
you must have already one meterpreter shelled open for this task. I am not explaining how to do this , brwose my blog and you'll get it. Continuing to tutorial .. lets get buzy ;D
you must view ,
Make Payload fully fud
Hacking WIFI WPA-2PSK using Cowpatty
Before we can begin to kill the AV software, we need to escalate our privileges.
Usually, when we embed a listener on the victim's system, the listener will only have the privileges of the user who provided us with a gateway to their system by clicking on the malicious website, Office doc, Abobe PDF, etc.
That user most often has limited rights or privileges to the system. Unlimited rights to do anything on the system is held by the administrator or system administrator (or sysadmin for short).
We need to escalate our privileges from the user to sysadmin to have our way with this computer.
Step 2: Checking the User
Before we start the process of escalation, let's check what user we are logged in as. Type:
meterpreter > getuid
This will return the ID of the user we are logged in as. If we are anything but the sysadmin, we'll need to escalate to kill the antivirus software.
Step 3: Escalate Privileges
Metasploit and its Meterpreter make it simple to escalate privileges to the sysadmin. Simply type getsystem at the Meterpreter prompt.
meterpreter > getsystem
![[Image: hack-like-pro-kill-and-disable-antivirus...c.w654.jpg]](http://img.wonderhowto.com/img/22/94/63495848816227/0/hack-like-pro-kill-and-disable-antivirus-software-remote-pc.w654.jpg)
Notice that Metasploit responds with "...got system (with technique 1)". Metasploit has multiple methods to escalate privileges and it tries each of them out until one works.
In our case, it was successful with technique 1.
Step 4: Check That We Are Sysadmin
Now that Metasploit has told us that it has escalated our privileges to sysadmin, let's make sure. Type:
meterpreter > getuid
![[Image: hack-like-pro-kill-and-disable-antivirus...c.w654.jpg]](http://img.wonderhowto.com/img/03/40/63495849274322/0/hack-like-pro-kill-and-disable-antivirus-software-remote-pc.w654.jpg)
As you can see in my screenshot above, the victim responds with NT AUTHORITY\SYSTEM, the syadmin user!
Congratulations! You can now have your way this victim.
Step 5: Kill the AntiVirus Software
Now that we have unlimited rights to this system, let’s kill the antivirus software. Metasploit has a Ruby script called killav.rb. We simply run that script from the Meterpreter prompt and it will kill the system’s antivirus software.
Make certain to start the script with the keyword run. Type:
meterpreter > run killav.rb
![[Image: hack-like-pro-kill-and-disable-antivirus...c.w654.jpg]](http://img.wonderhowto.com/img/86/43/63495848836054/0/hack-like-pro-kill-and-disable-antivirus-software-remote-pc.w654.jpg)
Notice from the screenshot above that the killav.rb script not only killed the antivirus process, but also the open command prompt.
![[Image: hack-like-pro-kill-and-disable-antivirus...c.w654.jpg]](http://img.wonderhowto.com/img/50/05/63495849995386/0/hack-like-pro-kill-and-disable-antivirus-software-remote-pc.w654.jpg)
Now that we have killed the antivirus process, we can remain hidden within their system and do as we please with little or no chance of being detected.
In upcoming blogs, we will explore more adventures with the power of our embedded listener/rootkit with sysadmin privileges. There is no limit what we can do now!
secmads.com
Tutorial written by occupytheweb from WonderHowTo. all credits goes to him.
Hey guys ? it's me Zaid your frnd with new tutorial some of you may know dafuq i am talking about but on other side some of you dont know dafuq i am talking about.. today's tutorial is about to kill anti virus on your victim's Machine
everybody wants to Hack PC but sometimes you got owned by Anti virus
so lets try something new today (Y)you must have already one meterpreter shelled open for this task. I am not explaining how to do this , brwose my blog and you'll get it. Continuing to tutorial .. lets get buzy ;D
you must view ,
Make Payload fully fud
Hacking WIFI WPA-2PSK using Cowpatty
Before we can begin to kill the AV software, we need to escalate our privileges.
Usually, when we embed a listener on the victim's system, the listener will only have the privileges of the user who provided us with a gateway to their system by clicking on the malicious website, Office doc, Abobe PDF, etc.
That user most often has limited rights or privileges to the system. Unlimited rights to do anything on the system is held by the administrator or system administrator (or sysadmin for short).
We need to escalate our privileges from the user to sysadmin to have our way with this computer.
Step 2: Checking the User
Before we start the process of escalation, let's check what user we are logged in as. Type:
meterpreter > getuid
This will return the ID of the user we are logged in as. If we are anything but the sysadmin, we'll need to escalate to kill the antivirus software.
Step 3: Escalate Privileges
Metasploit and its Meterpreter make it simple to escalate privileges to the sysadmin. Simply type getsystem at the Meterpreter prompt.
meterpreter > getsystem
Notice that Metasploit responds with "...got system (with technique 1)". Metasploit has multiple methods to escalate privileges and it tries each of them out until one works.
In our case, it was successful with technique 1.
Step 4: Check That We Are Sysadmin
Now that Metasploit has told us that it has escalated our privileges to sysadmin, let's make sure. Type:
meterpreter > getuid
As you can see in my screenshot above, the victim responds with NT AUTHORITY\SYSTEM, the syadmin user!
Congratulations! You can now have your way this victim.
Step 5: Kill the AntiVirus Software
Now that we have unlimited rights to this system, let’s kill the antivirus software. Metasploit has a Ruby script called killav.rb. We simply run that script from the Meterpreter prompt and it will kill the system’s antivirus software.
Make certain to start the script with the keyword run. Type:
meterpreter > run killav.rb
Notice from the screenshot above that the killav.rb script not only killed the antivirus process, but also the open command prompt.
Now that we have killed the antivirus process, we can remain hidden within their system and do as we please with little or no chance of being detected.
In upcoming blogs, we will explore more adventures with the power of our embedded listener/rootkit with sysadmin privileges. There is no limit what we can do now!
secmads.com
Tutorial written by occupytheweb from WonderHowTo. all credits goes to him.
If imagination is Alive than even creation is alive..
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
![[Image: oAnNAVY.png]](http://i.imgur.com/oAnNAVY.png)
