Blunderboy, Posted February 5, 2011 (edited)

I have yet to see or at least find anything associated with a Meterpreter removal tool other than antimeter, which is difficult to find. I was wondering if anyone knows anything about how to search and eliminate hidden Meterpreter sessions that may be leaving a computer wide open for attack?

Edited February 13, 2011 by Blunderboy

Infiltrator, Posted February 8, 2011

> I have yet to see or at least find anything associated with a Meterpreter removal tool other than antimeter, which is difficult to find. I was wondering if anyone knows anything about how to search and eliminate hidden Meterpreter sessions that may be leaving a computer wide open for attack?

Hey Blunderboy,

Did a bit of Googling and found this link, where you can download Antimeter from.

http://www.mertsarica.com/?page_id=893

Blunderboy (Author), Posted February 11, 2011

> Hey Blunderboy,
>
> Did a bit of Googling and found this link, where you can download Antimeter from.
>
> http://www.mertsarica.com/?page_id=893

Thanks for the link. So far it has worked really well.

Infiltrator, Posted February 12, 2011

> Thanks for the link. So far it has worked really well.

Now one thing I am not very certain about this tool is how accurate it is in detecting Meterpreter sessions.

I ran this tool on my Windows 7 box and it found one Meterpreter session active and my box is fully patched up. So that left me wondering...

digininja, Posted February 12, 2011

I've asked on the Metasploit mailing list to see what they recommend, I'll let you know if I get anything back.

Infiltrator, Posted February 12, 2011

Would be nice to see another tool for detecting Meterpreter sessions. I've been looking around but couldn't find any.

digininja, Posted February 12, 2011

Not for detection but for analysis afterwards:

http://www.mandiant.com/products/research/mandiant_metasploit_forensic_framework/

Blunderboy (Author), Posted February 13, 2011

I recently installed COMODO Firewall and when I get the chance I will try and open a meterpreter session and see what happens. I will disable the firewall and then bring it up and see if it will allow the already active session to stay active. Again when I get the chance to do this I will return with my results.

Infiltrator, Posted February 14, 2011 (edited)

> I recently installed COMODO Firewall and when I get the chance I will try and open a meterpreter session and see what happens. I will disable the firewall and then bring it up and see if it will allow the already active session to stay active. Again when I get the chance to do this I will return with my results.

I would be surprised if Comodo can detect a Meterpreter session at all, since it's becoming so advanced and hard to detect.

Edited February 14, 2011 by Infiltrator

Paradigma, Posted February 19, 2011

It would be nice if there were more tools that could accurately detect meterpreter sessions. I can't seem to find any other than antimeter though...