| Main Archive Page > Month Archives > metasploit-framework archives |
Re: [framework] Bug?: Timestomp doesn't work on Win7 32bit host
From: Brian <briaar_at_nospam>Date: Mon Jan 03 2011 - 00:40:37 GMT
To: ricky-lee birtles <mr.r.birtles@gmail.com>
Hi Ricky,
It still fails even running as system:
> meterpreter > getsystem
> ...got system (via technique 1).
> meterpreter > timestomp c:\\raw.dll -f c:\\windows\\notepad.exe
> [*] Setting MACE attributes on c:\raw.dll from c:\windows\notepad.exe
> [-] priv_fs_set_file_mace_from_file: Operation failed: Access is denied.
> meterpreter >
-Brian
On Sun, Jan 2, 2011 at 5:25 PM, ricky-lee birtles <mr.r.birtles@gmail.com>wrote:
> Try running it as system
> On 3 Jan 2011 00:16, "Brian" <briaar@gmail.com> wrote:
> > Test host is a fresh Win7 32bit install.
> >
> > meterpreter > getuid
> > Server username: WIN7\Administrator
> > meterpreter > timestomp c:\\raw.dll -f c:\\windows\\notepad.exe
> > [*] Setting MACE attributes on c:\raw.dll from c:\windows\notepad.exe
> > [-] priv_fs_set_file_mace_from_file: Operation failed: Access is denied.
> > meterpreter > getsystem
> > ...got system (via technique 1).
> > meterpreter > timestomp c:\\raw.dll -f c:\\windows\\notepad.exe
> > [*] Setting MACE attributes on c:\raw.dll from c:\windows\notepad.exe
> > [-] priv_fs_set_file_mace_from_file: Operation failed: Access is denied.
> > meterpreter >
> >
> > I've also noticed meterpreter scripts that call
> > "priv_fs_set_file_mace_from_file" also fail.
> >
> > Scripts error: Error changing MACE: Rex::Post::Meterpreter::RequestError
> > priv_fs_set_file_mace_from_file: Operation failed: Access is denied.
> >
> > Any thoughts?
> >
> > Cheers,
> >
> > -Brian
>
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework