Forum Thread: Metasploit Killing Anti-Virus

I got into a meterpreter session with my other computer. I wanted to create a persistence backdoor but it won't let me do it because of the AV. I therefore ran killav.rb but still the AV notices the backdoor that I'm trying to create. Does anyone know how to solve this problem?


11 Responses

You can try changing to a command shell and killing the AV from it, if you have escalated privileges.

I escalated privileges by running getprivs because getsystem didn't work out, but when I use getuid it still says that I'm a user and not an admin or system. How can I solve this?

You won't kill AV that way.

It will simply recreate a process as soon as you kill one.

Let's try a different way: we're going to grant Metasploit priv to overpass AV. First, let me know what base system you're using, for syntax. Is it Debian based?

The antivirus you're trying to kill, is it Linux or Windows?

I am using a Debian based system and I'm trying to kill the AV of Windows 7.

Does killing AV this way make it possible to create a temporary backdoor or should I do this another way?

A backdoor won't be much help in this case. Try a rootkit.

-The Joker

Why wouldn't it help?

A backdoor can be gone as soon as AV gets back. It can help, but requires more effort. Rootkits are more nasty.

-The Joker
