
Metasploit 3.1 unwelcome passenger?


  • Metasploit 3.1 unwelcome passenger?

    Blog posted here: https://forum.defcon.org/blog.php?b=11

    Can anyone else try this:

    Loaded up Metasploit 3.1 from metasploit3.com on a Windows XP box. After install my anti-virus (AVG-free) freaked out at the tools/nc.exe binary claiming a trojan

    Can anyone else try this and confirm or deny?

    MSF dev team has been emailed

    EDIT: virustotal.com didn't find anything. Any ideas?
    Last edited by renderman; January 31, 2008, 11:01.
    Never drink anything larger than your head!






  • #2
    Re: Metasploit 3.1 unwelcome passenger?

    Originally posted by renderman
    Blog posted here: https://forum.defcon.org/blog.php?b=11

    Can anyone else try this:

    Loaded up Metasploit 3.1 from metasploit3.com on a Windows XP box. After install my anti-virus (AVG-free) freaked out at the tools/nc.exe binary claiming a trojan

    Can anyone else try this and confirm or deny?

    MSF dev team has been emailed

    EDIT: virustotal.com didn't find anything. Any ideas?
    I've found that many anti virus tools detect nc.exe (netcat) as a trojan, hack tool and other stupid things.

    I'm willing to bet that this is what is happening.



    • #3
      Re: Metasploit 3.1 unwelcome passenger?

      Originally posted by entr0py
      I've found that many anti virus tools detect nc.exe (netcat) as a trojan, hack tool and other stupid things.

      I'm willing to bet that this is what is happening.
      I totally agree, but usually it just flags it as a 'hacking tool'. This one is flagging it as a completely different trojan. Maybe it shares code or something
      Never drink anything larger than your head!







      • #4
        Re: Metasploit 3.1 unwelcome passenger?

        NOD32 in automatic mode actually prevents me from fully downloading the executable. In manual mode the threat comes up:
        Win32/RemoteAdmin.Netcat application
        And then quarantines it.

        When I used Symantec, I would put all my "hack tools" under one overall directory, and tell Symantec to ignore that directory and its subs.
        "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";



        • #5
          Re: Metasploit 3.1 unwelcome passenger?

          Yup... I think most A/V's have been eating netcat for a while. More than once I have plugged my personal USB drive into the work laptop only for the A/V to go apeshit.

          A good tutorial on changing netcat to avoid A/V can be found here:
          http://packetstormsecurity.org/paper...ack_Netcat.pdf

          I have not tried it out of laziness.. it is easier to just exclude it from the scan if possible.
          Happiness is a belt-fed weapon.



          • #6
            Re: Metasploit 3.1 unwelcome passenger?

            Looks like it's just a nasty false positive (listing it as a trojan, not a hacktool)

            Glad others could verify I wasn't crazy (this time)
            Never drink anything larger than your head!







            • #7
              Re: Metasploit 3.1 unwelcome passenger?

              Originally posted by renderman
              Looks like it's just a nasty false positive (listing it as a trojan, not a hacktool)

              Glad others could verify I wasn't crazy (this time)
              No, you're crazy. For using an awesome tool like Metasploit on a shitty OS like Windows.
              perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'



              • #8
                Re: Metasploit 3.1 unwelcome passenger?

                Originally posted by Chris
                No, you're crazy. For using an awesome tool like Metasploit on a shitty OS like Windows.
                Dual boot. Wanted similar tools on both sides to avoid rebooting unless necessary. But in general, yeah, you're right.
                Never drink anything larger than your head!







                • #9
                  Re: Metasploit 3.1 unwelcome passenger?

                  Originally posted by renderman
                  Dual boot. Wanted similar tools on both sides to avoid rebooting unless necessary. But in general, yeah, you're right.
                  I just read an article about this brand new product called vmware

                  Check it out
                  perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'



                  • #10
                    Re: Metasploit 3.1 unwelcome passenger?

                    A lot of AV products that I've tried classify security tools as some form of malware.

                    This includes:

                    ESET NOD32
                    Any Symantec AV
                    McAfee
                    Kaspersky
                    eEye Blink (I currently use for Windows)


                    ...etc

                    xor


                    We were just discussing this on my local LUG regarding PSTools and the fact that most AV products classify them as malware.
                    Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.



                    • #11
                      Re: Metasploit 3.1 unwelcome passenger?

                      I can understand the classification as a Trojan, as well as running windows .. But.. Why are you shitting the system up even more with antivirus software that constantly scans your system?? I think my grandmother and dentist roll that way :p
                      if it gets me nowhere, I'll go there proud; and I'm gonna go there free.
