
AV\EDR [is there a solution?] AV block exec cmd

republique_centrafricaine

(L3) cache · User · Registered: 21.10.2021 · Messages: 206 · Reactions: 28
Hi all.
I've started actively pulling access of various kinds. I've more or less learned to filter out the pots. On real targets there's an error on any command, or when calling PowerShell to load Cobalt. What solutions are there, besides private privates?

nt authority\system

Image Name PID Session Name Session# Mem Usage ========================= ======== ================ =========== ============ System Idle Process 0 Services 0 4 K System 4 Services 0 128 K smss.exe 380 Services 0 1,208 K csrss.exe 492 Services 0 4,924 K wininit.exe 564 Services 0 4,828 K csrss.exe 572 Console 1 4,704 K winlogon.exe 648 Console 1 18,696 K services.exe 700 Services 0 15,016 K lsass.exe 716 Services 0 162,740 K svchost.exe 916 Services 0 19,764 K svchost.exe 972 Services 0 47,332 K svchost.exe 400 Services 0 12,500 K dwm.exe 440 Console 1 50,744 K svchost.exe 468 Services 0 26,436 K svchost.exe 904 Services 0 34,272 K svchost.exe 936 Services 0 32,508 K svchost.exe 1124 Services 0 11,092 K svchost.exe 1288 Services 0 19,452 K svchost.exe 1316 Services 0 101,248 K VSSVC.exe 1404 Services 0 7,892 K svchost.exe 1484 Services 0 7,276 K svchost.exe 1492 Services 0 33,260 K svchost.exe 2004 Services 0 6,612 K svchost.exe 2404 Services 0 8,636 K spoolsv.exe 2552 Services 0 24,508 K svchost.exe 2704 Services 0 12,232 K svchost.exe 2756 Services 0 37,092 K mqsvc.exe 2784 Services 0 13,756 K dns.exe 2796 Services 0 361,024 K svchost.exe 2816 Services 0 28,980 K SMSvcHost.exe 2824 Services 0 51,264 K svchost.exe 2840 Services 0 24,464 K svchost.exe 2848 Services 0 16,120 K fms.exe 2864 Services 0 15,016 K ismserv.exe 2872 Services 0 5,404 K hostcontrollerservice.exe 2896 Services 0 81,440 K Microsoft.ActiveDirectory 2908 Services 0 66,576 K dfsrs.exe 2928 Services 0 27,004 K inetinfo.exe 2936 Services 0 57,792 K WMSvc.exe 2976 Services 0 24,772 K MSExchangeHMRecovery.exe 1676 Services 0 39,512 K MSExchangeHMHost.exe 2092 Services 0 232,488 K sftracing.exe 2524 Services 0 17,424 K dfssvc.exe 3096 Services 0 8,620 K MBAMService.exe 3132 Services 0 407,524 K SMSvcHost.exe 3884 Services 0 22,736 K vds.exe 4256 Services 0 10,704 K Microsoft.Exchange.Direct 4580 Services 0 148,936 K WmiPrvSE.exe 4652 Services 0 26,552 K noderunner.exe 4900 Services 0 253,184 K 
noderunner.exe 4880 Services 0 566,756 K noderunner.exe 5100 Services 0 438,508 K w3wp.exe 5140 Services 0 651,896 K noderunner.exe 5148 Services 0 182,324 K MSExchangeMailboxReplicat 5804 Services 0 242,704 K Microsoft.Exchange.EdgeSy 5812 Services 0 101,356 K msexchangerepl.exe 5820 Services 0 179,928 K MSExchangeFrontendTranspo 5828 Services 0 215,684 K MSExchangeCompliance.exe 5836 Services 0 132,584 K MSExchangeDelivery.exe 5844 Services 0 289,676 K MSExchangeTransportLogSea 5852 Services 0 111,408 K MSExchangeMailboxAssistan 5860 Services 0 410,504 K ComplianceAuditService.ex 5868 Services 0 208,048 K MSExchangeDagMgmt.exe 5876 Services 0 127,756 K Microsoft.Exchange.Antisp 5884 Services 0 36,380 K Microsoft.Exchange.Store. 5892 Services 0 152,348 K MSExchangeSubmission.exe 5900 Services 0 232,792 K MSExchangeThrottling.exe 5920 Services 0 109,196 K Microsoft.Exchange.RpcCli 5972 Services 0 217,300 K umservice.exe 5980 Services 0 132,408 K Microsoft.Exchange.Servic 6096 Services 0 221,680 K Microsoft.Exchange.UM.Cal 1964 Services 0 133,440 K w3wp.exe 5500 Services 0 702,392 K w3wp.exe 6348 Services 0 917,820 K updateservice.exe 2568 Services 0 21,116 K w3wp.exe 8492 Services 0 403,312 K w3wp.exe 10000 Services 0 286,848 K w3wp.exe 10008 Services 0 231,108 K ForefrontActiveDirectoryC 8560 Services 0 126,396 K Microsoft.Exchange.Store. 
2832 Services 0 3,399,916 K scanningprocess.exe 10916 Services 0 193,236 K scanningprocess.exe 11060 Services 0 212,656 K scanningprocess.exe 11128 Services 0 195,848 K MSExchangeTransport.exe 10688 Services 0 111,756 K EdgeTransport.exe 3052 Services 0 355,348 K conhost.exe 9808 Services 0 8,804 K w3wp.exe 5572 Services 0 2,299,328 K w3wp.exe 10816 Services 0 1,285,236 K w3wp.exe 12580 Services 0 608,752 K w3wp.exe 12748 Services 0 5,420,596 K w3wp.exe 8392 Services 0 234,560 K w3wp.exe 1564 Services 0 5,640,704 K mbamtray.exe 13492 Console 1 221,508 K sihost.exe 13572 Console 1 28,704 K svchost.exe 13596 Console 1 19,816 K taskhostw.exe 13620 Console 1 15,276 K w3wp.exe 14176 Services 0 222,452 K RuntimeBroker.exe 14632 Console 1 18,048 K GoogleCrashHandler.exe 15248 Services 0 1,508 K GoogleCrashHandler64.exe 15300 Services 0 1,212 K msdtc.exe 7180 Services 0 9,276 K ServerManager.exe 14892 Console 1 141,668 K ShellExperienceHost.exe 9496 Console 1 38,644 K SearchUI.exe 10144 Console 1 35,564 K WmiApSrv.exe 15648 Services 0 7,420 K Microsoft.Exchange.Diagno 15760 Services 0 195,136 K Microsoft.Exchange.Search 1380 Services 0 198,176 K rundll32.exe 16320 Services 0 46,208 K rundll32.exe 16228 Services 0 45,056 K fontdrvhost.exe 15540 Console 1 6,372 K mbam.exe 18760 Console 1 656,260 K chrome.exe 9804 Console 1 47,764 K chrome.exe 16600 Console 1 2,356 K chrome.exe 16612 Console 1 13,780 K chrome.exe 10360 Console 1 15,148 K chrome.exe 19988 Console 1 4,000 K chrome.exe 7536 Console 1 4,472 K chrome.exe 17376 Console 1 8,012 K taskhostw.exe 5528 Console 1 15,252 K svchost.exe 12440 Services 0 7,020 K LogonUI.exe 17800 Console 1 41,760 K LockAppHost.exe 11504 Console 1 9,012 K w3wp.exe 16732 Services 0 166,816 K MSExchangeHMWorker.exe 24344 Services 0 717,064 K conhost.exe 7748 Services 0 5,116 K MusNotificationUx.exe 22828 Console 1 18,804 K rundll32.exe 19760 Services 0 19,072 K rundll32.exe 2744 Services 0 21,004 K SSUService.exe 18400 Services 0 10,544 K 
SRService.exe 19624 Services 0 6,728 K SRManager.exe 23692 Services 0 22,712 K SRServer.exe 25048 Services 0 15,720 K SRAgent.exe 23028 Console 1 15,412 K SRFeature.exe 24956 Console 1 11,080 K AteraAgent.exe 14828 Services 0 55,800 K UMWorkerProcess.exe 25012 Services 0 184,000 K w3wp.exe 25504 Services 0 2,538,580 K w3wp.exe 18524 Services 0 608,080 K WmiPrvSE.exe 25688 Services 0 15,904 K powershell.exe 23484 Services 0 46,524 K conhost.exe 14648 Services 0 6,120 K powershell.exe 25432 Services 0 46,688 K conhost.exe 22176 Services 0 6,104 K tasklist.exe 20220 Services 0 7,756 K tasklist.exe 11472 Services 0 7,764 K

StatusCode : 200
StatusDescription : OK
Content : <!DOCTYPE html><html style="font-size: 10px;font-family: Roboto, Arial, sans-serif;" lang="en-GB" system-icons typography typography-spacing><head><meta http-equiv="X-UA-Compatible" content="IE=edge"/...
RawContent : HTTP/1.1 200 OK X-Content-Type-Options: nosniff Pragma: no-cache X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000 Report-To: {"group":"AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECM...
Forms :
Headers : {[X-Content-Type-Options, nosniff], [Pragma, no-cache], [X-Frame-Options, SAMEORIGIN], [Strict-Transport-Security, max-age=31536000]...}
Images : {}
InputFields : {}
Links : {@{outerHTML=<a style="display: none;" href="/" title="YouTube"><svg id="yt-logo-updated-svg" class="external-icon" viewBox="0 0 90 20">...</svg></a>; tagName=A; style=display: none;; href=/; title=YouTube}, @{outerHTML=<a style="display: none;" href="/" title="YouTube"><svg id="yt-logo-red-updated-svg" class="external-icon" viewBox="0 0 97 20" style="width: 97px;">...</svg></a>; tagName=A; style=display: none;; href=/; title=YouTube}, @{outerHTML=<a slot="guide-links-primary" href="https://www.youtube.com/about/" style="display: none;">About</a>; tagName=A; slot=guide-links-primary; href=https://www.youtube.com/about/; style=display: none;}, @{outerHTML=<a slot="guide-links-primary" href="https://www.youtube.com/about/press/" style="display: none;">Press</a>; tagName=A; slot=guide-links-primary; href=https://www.youtube.com/about/press/; style=display: none;}...}
ParsedHtml :
RawContentLength : 579869

Windows IP Configuration

Ethernet adapter Ethernet:
   Connection-specific DNS Suffix . :
   Link-local IPv6 Address . . . . . : fe80::78bf:9703:c34b:73ea%4
   IPv4 Address. . . . . . . . . . . : 192.168.1.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254

Tunnel adapter Teredo Tunneling Pseudo-Interface:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :

Tunnel adapter isatap.{8DAECAA7-385D-468E-BAD3-2864739C4024}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :

Host Name: SERVER20
OS Name: Microsoft Windows Server 2016 Standard
OS Version: 10.0.14393 N/A Build 14393
OS Manufacturer: Microsoft Corporation
OS Configuration: Primary Domain Controller
OS Build Type: Multiprocessor Free
Registered Owner: Windows User
Registered Organization:
Product ID: 00377-70070-95065-AA067
Original Install Date: 6/02/2020, 5:46:40 PM
System Boot Time: 27/10/2021, 7:00:26 PM
System Manufacturer: Microsoft Corporation
System Model: Virtual Machine
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
                 [01]: Intel64 Family 6 Model 158 Stepping 10 GenuineIntel ~3000 Mhz
BIOS Version: American Megatrends Inc. 090007 , 18/05/2018
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale:
Input Locale:
Time Zone:
Total Physical Memory: 48,000 MB
Available Physical Memory: 11,931 MB
Virtual Memory: Max Size: 57,216 MB
Virtual Memory: Available: 19,132 MB
Virtual Memory: In Use: 38,084 MB
Page File Location(s): C:\pagefile.sys
Domain: domain
Logon Server: N/A
Hotfix(s): 13 Hotfix(s) Installed.
                 [01]: KB5006065
                 [02]: KB4049065
                 [03]: KB4486129
                 [04]: KB4520724
                 [05]: KB4524244
                 [06]: KB4535680
                 [07]: KB4550994
                 [08]: KB4576750
                 [09]: KB4589210
                 [10]: KB4601392
                 [11]: KB5001078
                 [12]: KB5001402
                 [13]: KB5006669
Network Card(s): 1 NIC(s) Installed.
                 [01]: Microsoft Hyper-V Network Adapter
                       Connection Name: Ethernet
                       DHCP Enabled: No
                       IP address(es)
                       [01]: 192.168.1.1
                       [02]: fe80::78bf:9703:c34b:73ea
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.

When trying anything serious, it's either an empty response line or "AV block exec cmd". I don't understand what to do.

I can hand off access and work on salary or for a small percentage. Revenue from 1M to 1B, worldwide except CIS, China, Asia, Israel.
90% Windows, 5% Linux, 5% cameras.
At the moment around 100 leads on Windows and 20 on Linux.

PM
Jabber republique_centrafricaine@thesecure.at + OTR
Tox 33FDE4E50775ACD410CE985B261767983CD32E0650B1FD0DA66F68BAF0ED637C2C215B7E20D1
 
I don't get it, is this some kind of secret information or what? Or are there simply no solutions?
As for AV, it seems to be mostly Defender. Someone ping me, I'll send over access to work on. There really are a lot of targets, a shame to burn them for nothing.
 
Please note that this user is banned
I don't see any special antivirus there, only windef? If you're admin, why don't you just disable real-time protection and that's it?

Also, is that persistence program yours? I see a couple installed.
 
I now see scanprocess.exe, which looks like Kaspersky. Then you'll have to disable Kaspersky real-time protection; good luck if it's password protected.
 
You can write in your own language.
Yes, only Defender. I am so noob that I can't get around it (so far).

So far, the problem is precisely in the defender.
And I need to load the Cobalt Strike payload on the target machine, bypassing the AV triggers.
 
I think what you have there is Kaspersky; if it's the latest version with a password, it's very hard to remove.

Which kind of access do you have, RDP? Also, are you admin?
 
Malwarebytes?
Possibly. This is a test access, I'm learning on it.
I'll be killing it in every way I can )
 
If malwarebytes is blocking something, this could be an important moment in history. I have never seen MB detecting shit.
 