shamwow Posted June 4, 2015
Can anyone tell me how I can use the USB Rubber Ducky to kill an Antivirus like AVG without getting Access Denied errors?

shamwow Posted June 4, 2015 Author
I want it to kill my AV and then run Webbrowser Passview.exe

mreidiv Posted June 5, 2015 (edited)
Not sure if this is what you want, but if you look at the killav.rb script in Meterpreter it might give you an idea how to do this. http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=10&ved=0CGEQFjAJ&url=http%3A%2F%2Fnull-byte.wonderhowto.com%2Fhow-to%2Fhack-like-pro-kill-and-disable-antivirus-software-remote-pc-0141906%2F&ei=za5xVaGUBo-RyATIm4KgCg&usg=AFQjCNGQhyeNFggKVjwpXTX8qMcN32lQBg&sig2=0uTGDuxyyS9SsUdaNP-4rg

Sildaekar Posted June 6, 2015
With the Ducky alone, what you are asking is impossible. What I would do is create a program that shuts down all AV on the victim, then put it on a mass storage device, have the Ducky copy it over and run.

shamwow Posted June 12, 2015 Author
> Not sure if this is what you want, but if you look at the killav.rb script in Meterpreter it might give you an idea how to do this. http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=10&ved=0CGEQFjAJ&url=http%3A%2F%2Fnull-byte.wonderhowto.com%2Fhow-to%2Fhack-like-pro-kill-and-disable-antivirus-software-remote-pc-0141906%2F&ei=za5xVaGUBo-RyATIm4KgCg&usg=AFQjCNGQhyeNFggKVjwpXTX8qMcN32lQBg&sig2=0uTGDuxyyS9SsUdaNP-4rg

Maybe I could kill the processes if I am able to get System Admin privileges in a console, but how do I become System Admin? I am only Admin and I don't have enough privileges to stop a service or kill an AV process.

MB60893 Posted July 1, 2015
You need to know the process name (e.g. for Microsoft Security Essentials, the process is "msseces.exe" in Task Manager) and whether it requires administrative privileges to kill the task. You can then proceed to do this with the cmd command 'taskkill /id "msseces.exe" /f /t'. That will kill the given process. If you need admin privileges, you need to make the Rubber Ducky start cmd with administrator privileges. See examples at USBRubberDucky.com.

NOTE: Some AVs are persistent. It may benefit you to try opening a given AV using the keyboard, then navigating to "Realtime Protection" and turning that off, then once the script has executed, turning Realtime Protection back on again.

shamwow Posted July 4, 2015 Author
> You need to know the process name (e.g. for Microsoft Security Essentials, the process is "msseces.exe" in Task Manager) and whether it requires administrative privileges to kill the task. You can then proceed to do this with the cmd command 'taskkill /id "msseces.exe" /f /t'. That will kill the given process. If you need admin privileges, you need to make the Rubber Ducky start cmd with administrator privileges. See examples at USBRubberDucky.com.
>
> NOTE: Some AVs are persistent. It may benefit you to try opening a given AV using the keyboard, then navigating to "Realtime Protection" and turning that off, then once the script has executed, turning Realtime Protection back on again.

That didn't work on the current version of AVG.

Rkiver Posted July 4, 2015
> That didn't work on the current version of AVG.

Of course it wouldn't if you used msseces.exe. However, as pointed out, it may not work even if you used the correct process name.