Jump to content

Recommended Posts

Posted (edited)

I have yet to see or at least find anything associated with a Merterpreter removal tool other then antimeter which is difficult to find. I was wondering if anyone knows anything about how to search and eliminate hidden Merterpreter sessions that may be leaving a computer wide open for attack?

Edited by Blunderboy
Posted

I have seen yet to see or at least find anything associated with a Merterpreter removal tool other then antimeter which is difficult to find. I was wondering if anyone knows anything about how to search and eliminate hidden Merterpreter sessions that may be leaving a computer wide open for attack?

Hey Blunderboy,

Did a bit of Googling and found this link, where you can download Antimeter from.

http://www.mertsarica.com/?page_id=893

Posted

Thanks for the link. So far it has worked really well.

Now one thing I am not very certain about this tool is how accurate it is in detecting Meterpreter sessions.

I ran this tool on my Windows 7 box and it found one Meterpreter session active and my box is fully patched up.

So that left me wondering...

Posted

I've asked on the Metasploit mailing list to see what they recommend, I'll let you know if I get anything back.

Posted

Would be nice to see another tool for detecting Meterpreter sessions. I've been looking around but couldn't find any.

Posted

I recently installed COMODO Firewall and when I get the chance I will try and open a meterpreter session and see what happens. I will disable the firewall and then bring it up and see if it will allow the already active session to stay active. Again when I get the chance to do this I will return with my results.

Posted (edited)

I recently installed COMODO Firewall and when I get the chance I will try and open a meterpreter session and see what happens. I will disable the firewall and then bring it up and see if it will allow the already active session to stay active. Again when I get the chance to do this I will return with my results.

I would be surprised if Comodo can detect a Meterpreter session at all, since its becoming so advanced and hard to detect.

Edited by Infiltrator

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...