Anti-Virus Software in penetration testing

Source: Internet
Author: User

I recently tested a project and ran into anti-virus software during privilege escalation. Many tools were killed; although privilege escalation succeeded in every case, this still makes escalating permissions a lot more troublesome. In particular, Cain, which is used for sniffing after privilege escalation succeeds, was killed within seconds. Here I summarize the two anti-virus products that I encountered during privilege escalation, and how to disable each of them after privilege escalation.

1. Disable Trend Micro anti-virus software without a password

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinntcorp\CurrentVersion\Misc.]
"nopwdprotect"=dword:00000001
"allow Uninstall"=dword:00000001

"nopwdprotect"=dword:00000001 lets Trend Micro be exited without a password; change it to 0 to restore the exit password. "allow Uninstall"=dword:00000001 lets Trend Micro be uninstalled without a password; change it to 0 to restore the uninstall password.

Save the preceding content as waitalone.reg and double-click it to import it; the Trend Micro anti-virus software can then be exited without a password.

2. Crack the password of the McAfee antivirus software

The password for unlocking the McAfee antivirus software user interface is saved in the following registry path:

HKEY_LOCAL_MACHINE\SOFTWARE\Mcafee\DesktopProtection

The UIP subkey under this path holds the password that unlocks the anti-virus software user interface, stored as an MD5 hash. You can look the hash up directly on iis5. If it cannot be recovered, you can generate a hash of your own and use it as a replacement.

If the user's unlock password on the McAfee VirusScan console is forgotten, the following solutions can be taken:

Restart your computer, enter Safe Mode, open the registry, find HKEY_LOCAL_MACHINE\SOFTWARE\Mcafee\DesktopProtection, find the UIP subkey, delete it, and restart.
Or
The password is forgotten and cannot be unlocked. You can see on the Internet that deleting HKEY_LOCAL_MACHINE\SOFTWARE\Mcafee\DesktopProtection\UIP in Safe Mode

If Safe Mode is not available, we can try replacing the original hash with a known one.

Admin: 19a2854144b63a8f7617a6f225019b12

If you do not want to modify it, try IceSword. If that does not work, call the data center to reinstall the system.
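
Seen from the defender's side, both procedures above come down to a handful of registry writes that can be alerted on. The following is an added example, not part of the original post: it scans registry-change events for writes to the values named above. The event field names are modelled on Sysmon registry events, the sample events are constructed, and DesktopProtection and the WOW6432Node handling are assumptions.

```python
import re

# Registry values the article changes: (key under HKLM\SOFTWARE, value, meaning).
# DesktopProtection is assumed to be the McAfee key the article refers to.
TREND = r"trendmicro\pc-cillinntcorp\currentversion\misc."
WATCHED = [
    (TREND, "nopwdprotect", "Trend Micro exit password disabled"),
    (TREND, "allow uninstall", "Trend Micro uninstall password disabled"),
    (r"mcafee\desktopprotection", "uip", "McAfee UI unlock hash changed"),
]

def normalize(target):
    """Lower-case a registry path; strip the hive and any WOW6432Node prefix."""
    t = re.sub(r"^(hklm|hkey_local_machine)\\software\\", "", target.lower())
    return re.sub(r"^wow6432node\\", "", t)

def flag_av_tamper(events):
    """Return (time, image, reason) for each event that weakens a watched value."""
    alerts = []
    for e in events:
        path = normalize(e["TargetObject"])
        for key, value, reason in WATCHED:
            if path != key + "\\" + value:
                continue
            if value == "uip":  # any overwrite or deletion of the stored hash
                hit = e["EventType"] in ("SetValue", "DeleteValue")
            else:               # only a write of 1 removes the password prompt
                hit = (e["EventType"] == "SetValue"
                       and e["Details"].endswith("(0x00000001)"))
            if hit:
                alerts.append((e["UtcTime"], e["Image"], reason))
    return alerts

def ev(t, image, etype, target, details=""):  # builds one constructed event
    return {"UtcTime": t, "Image": image, "EventType": etype,
            "TargetObject": target, "Details": details}

MISC = r"HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc."
WOW = MISC.replace("SOFTWARE", r"SOFTWARE\WOW6432Node")
SAMPLE = [  # constructed events, not real telemetry
    ev("10:01:02", "regedit.exe", "SetValue", MISC + r"\NoPwdProtect", "DWORD (0x00000001)"),
    ev("10:01:02", "regedit.exe", "SetValue", WOW + r"\Allow Uninstall", "DWORD (0x00000001)"),
    ev("10:05:40", "agent.exe", "SetValue", MISC + r"\NoPwdProtect", "DWORD (0x00000000)"),
    ev("10:09:13", "reg.exe", "DeleteValue", r"HKLM\SOFTWARE\McAfee\DesktopProtection\UIP"),
    ev("10:12:00", "setup.exe", "SetValue", r"HKLM\SOFTWARE\Example\UIP", "abc"),
]

print(*flag_av_tamper(SAMPLE), sep="\n")
```

Restoring the two Trend Micro values to 0 (the third sample event) is deliberately not flagged, since that direction re-enables password protection.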

 
