moonlit

Dedicated Members
  • Posts: 4,197
  • Days Won: 2

Everything posted by moonlit

  1. It's normal to be running multiple SVCHOSTs even on a default install. Try Google for the other processes though; you can usually get a very good idea of what they are.
  2. Joker, dude, can you change that avatar as soon as you see this message please...
  3. Are you on Windows 2k, XP or 2k3 w/Admin privileges? It relies on the AT command to escalate itself and so requires these... If you have a bug for me to fix I'll need more info I'm afraid, like what OS, which AVKill version, level of user rights, method used to run the app and what it runs as... :) Less tasks? I'm not sure I get you, unless you're running version 1.0, in which case I'd recommend you upgrade to v1.11, which uses only 1 process.
  4. I read that normal users have access to the registry key that tells Dr Watson (Windows debugger/error catching thing if I did my homework) and so if we were to replace the exe location to point to a small app to escalate privs and cause a crash would that not run our app? Just a thought, don't know how viable it is but thought it was worth a shot... The only parts I was unsure of is if this exploit will still work and if we can bump the privs using it... oh, and how do you cause a crash worthy of debugging, a simple divide by zero won't cut it I don't think...
  5. Symantec (especially Corp) isn't implemented yet, keep an eye on the wiki for future updates :) Yeah, new method in v1.11, Esc.exe isn't needed any more :)
  6. Thanks man, that'll help a lot... support for AntiVir isn't enabled yet but thanks for the info... I knew about the AT command being obvious if you watch Task Scheduler but bear in mind in the switchblade environment you probably wouldn't have time to check it while someone's playing with a USB key ;) Using the -a switch from the command line isn't supported as yet since running without switches enables the -a switch to work its magic (-a is the switch that makes it do the cool stuff)... The console windows are from NET STOP commands used for some of the services used by the AVs and I've not seen them cause a problem with anyone's testing yet but I'll look into it :) I'll go about adding AntiVir support very soon, thanks again :D Oh, and as for the thread: http://www.hak5.org/forums/viewtopic.php?t=2713 ;)
  7. Hak5 VPN: What happened to the Hak5 Hamachi (sic)?
  8. Yeah I'll be looking into adding more AVs in future versions, please keep a lookout on the wiki, it's coming soon :D
  9. I wonder what this would do to your rig's cooling eFish-ency...? ;)
  10. Here's one small example, though not the one I saw before... http://www.nobispro.com/aquatank/ The one I saw before wasn't a real fish tank though (which method is preferable I don't know) but it was a couple of panes of plexi with water between giving maybe a couple of inches depth of water which was sealed off from the actual guts of the machine but it looked like there was a full tank of water if you looked through it... maybe if you didn't want real fish then perhaps a modified version of the plexi/water sandwich with an LCD behind the inside pane showing a fishtank animation/video/screensaver... maybe then add the aqua lighting from the above project and it'd look pretty convincing I think...
  11. Update to AVKill, please see http://www.hak5.org/wiki/AV_Killer for more info, that's where I'll be updating.
  12. Excuse my making of a crap joke but I think it should be called X-Slax...
  13. Actually someone did do a window mod with 2 panes of plexi with water between them which made it look a lot like the machine was indeed filled with water, maybe that could be adapted? :)
  14. Yeah IIRC Hak5 and thebroken were the 2 shows that really got me into IPTV... thebroken because it kinda showed that it didn't matter who you were and Hak5 because it showed that no matter who you are you can make a show that has great content... ...I'm still looking out for more decent shows... ;)
  15. Ehh... from the K6-2 onwards I was an AMD man but recently I've gone kinda neutral about the whole thing... Intel seem to be getting ahead again and while AMD will probably catch up again just like always, it makes little sense to tie yourself to a brand just on the name... If Intel make the better product I say use it but I'm still happy with my AMD for now.
  16. Project on hold, my hat's getting sun-bleached... URL Removed.

      AVKill 1.0 by Moonlit
      =====================

      Description:
      ============
      This tool will kill a selection of antivirus applications. The antivirus application will be killed only until the next reboot, no files are modified or destroyed.

      Usage:
      =====
      Run Esc.exe either manually or via a batch or script. The AV killer (AVKill.exe) will be run under System privileges and kill the AV software.

      Todo:
      =====
      Add tray icons to simulate the appearance of the AV being fully functional. One example would be where AVG might grey out its tray icon to show something is not working, need to make it show a coloured icon to avoid suspicion.
      Add more antivirus apps to be killed.
      Possibly add firewalls and anti-spyware apps to help avoid detection even further.
      Add options/switches to kill totally (remove AV), use tray icon(s), restart AV when done or after a certain time period.
      Merge to 1 exe.

      History/Fixes:
      ==============
      V1.0: Fixed 100% CPU usage, removed test forms, fixed 'root dir only' bug.
      v0.5: Added AVG, Avast, NOD32 and Trend.

      Greetz:
      =======
      Melodic, Bigbro and Kainchick for testing, #hak5 on irc.hak5.org for help & support.

      Duped in Switchblade thread for relevance, here for those who don't read aforementioned thread.

      Edit: Updated versions available, see wiki page for info - will be updating wiki page more regularly than here most likely so keep an eye out :)
  18. ...that and the fact you don't wanna turn the inside of your rig into a fish tank.
  19. Wow, I didn't even realise this thread was a few months old until about half way through... :)
  20. I'd imagine that would work on a T42 since 32bit CardBus cards work in my old PII Toshiba Satellite...