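I was bored recently and poking around, penetrating a server on an internal network. It had Kaspersky installed and everything I put on it was killed. I uploaded a port-forwarding tool that was not detected, but it was probably being blocked, because the reverse connection would not come out, so I started thinking about how to deal with Kaspersky!
It suddenly occurred to me to check whether Kaspersky supports the command line, and sure enough it does: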
===========================
D:\Kaspersky Internet Security 6.0>avp /?
Kaspersky Anti-Virus (R) 6.0.0.299
Copyright (C) Kaspersky Lab 1996-2006. All rights reserved.
Usage: avp.com command [options]
command Specifies the command to be executed.
HELP Show help
SCAN Start new scan
UPDATE Update databases and optionally application modules
ROLLBACK Rollback previously updated databases
START Start specified task
STOP Stop running task
PAUSE Pause running task
RESUME Resume paused task
STATUS Show task status
STATISTICS Show task statistics
EXPORT Export settings
IMPORT Import settings
ADDKEY Add key file
ACTIVATE Perform online activation
EXIT Exit product
Examples:
avp.com [ /? | HELP ]
avp.com command /?
avp.com HELP command
avp.com HELP SCAN
avp.com UPDATE /?
D:\Kaspersky Internet Security 6.0>avp status
Task State Completion Description
---------------------------------------------------
AntiPhishingService running
Anti_Hacker paused
Anti_Spam paused
Anti_Spy paused
AVService running
Behavior_Blocking paused
File_Monitoring paused
HTTP running
IMAP running
MailWasher running
Mail_Monitoring paused
NNTP running
POP3 running
ProcMon running
Rollback stopped
Scan_Critical_Areas stopped
Scan_My_Computer stopped
Scan_Objects completed
Scan_Quarantine stopped
Scan_Startup running 23% //the scan has started here; I stop it below
SMTP running
Spamtest stopped
StartupService stopped
TrafficMonitor running
Updater completed
Web_Monitoring paused
D:\Kaspersky Internet Security 6.0>avp stop Scan_Startup /password=tlm //I had already set the password here
D:\Kaspersky Internet Security 6.0>avp status Scan_Startup
Scan_Startup stopped //the scan has been stopped again!
============================
However, Kaspersky cannot be exited directly. A password has to be set first; without a password set, exiting is not allowed:
============================
D:\Kaspersky Internet Security 6.0>avp exit
Error: Password required to exit
D:\Kaspersky Internet Security 6.0>
============================
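The command line does not show any way to set a password either, but configuration files can be exported and imported, so we can start from there: install the same Kaspersky locally, set the password and the related configuration, export it, transfer the file to the server, and then import it. The commands are: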
============================
D:\Kaspersky Internet Security 6.0>avp export
Kaspersky Anti-Virus (R) 6.0.0.299
Copyright (C) Kaspersky Lab 1996-2006. All rights reserved.
Usage: EXPORT <Profile|taskid> <filename>
<filename[.<ext>|.txt]> File to save settings
Examples:
avp.com EXPORT rtp rtp_settings.dat - binary export
avp.com EXPORT fm fm_settings.txt - plain export
D:\Kaspersky Internet Security 6.0>avp import
Kaspersky Anti-Virus (R) 6.0.0.299
Copyright (C) Kaspersky Lab 1996-2006. All rights reserved.
Usage: IMPORT <filename>
<filename> File to restore settings
Examples:
avp.com IMPORT settings.dat
D:\Kaspersky Internet Security 6.0>
============================
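I have not tested this method, because the server runs the server edition while I installed the 6.0 Internet Security suite, so the configuration files are certainly different. The server I have here also has Kaspersky installed, but it is being debugged these days, so I will test it in a few days. I am putting the idea out first; if I have missed anything, corrections are welcome!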
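
For defenders, the avp.com commands in this session that halt protection or replace settings (STOP, PAUSE, EXIT, IMPORT) are the ones to alert on in process-creation logs. The following is an added example, not code from the original post: a Python filter over constructed (host, user, command line) records; the record layout, host and user names, and function names are assumptions.

```python
import re

# Commands from the avp.com help text that halt protection or replace settings.
RISKY_COMMANDS = {"STOP", "PAUSE", "EXIT", "IMPORT"}
AVP_IMAGES = {"avp", "avp.com"}  # image names as typed in the session above
IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))\s*(.*)$')
PASSWORD_RE = re.compile(r"(/password=)\S+", re.IGNORECASE)


def classify(cmdline):
    """Return (command, target, redacted_cmdline) for a risky avp call, else None."""
    m = IMAGE_RE.match(cmdline)
    if not m:
        return None
    image = m.group(1) or m.group(2)
    # Compare only the file name, so a full quoted path also matches.
    if re.split(r"[\\/]", image)[-1].lower() not in AVP_IMAGES:
        return None
    args = m.group(3).split()
    if not args or args[0].upper() not in RISKY_COMMANDS:
        return None
    # First non-switch argument is the task name or settings file, if any.
    target = next((a for a in args[1:] if not a.startswith("/")), None)
    # Never copy the product password into the alert stream.
    return args[0].upper(), target, PASSWORD_RE.sub(r"\1<redacted>", cmdline.strip())


def detect(events):
    """events: iterable of (host, user, cmdline) tuples (assumed layout)."""
    alerts = []
    for host, user, cmdline in events:
        hit = classify(cmdline)
        if hit:
            alerts.append({"host": host, "user": user, "command": hit[0],
                           "target": hit[1], "cmdline": hit[2]})
    return alerts


# Constructed sample records, modelled on the commands in the post.
SAMPLE_EVENTS = [
    ("srv01", "svc_web", "avp status"),
    ("srv01", "svc_web", "avp stop Scan_Startup /password=tlm"),
    ("srv01", "svc_web", r'"D:\Kaspersky Internet Security 6.0\avp.com" IMPORT settings.dat'),
    ("srv01", "svc_web", "avp exit"),
    ("srv01", "svc_web", "notepad.exe avp stop"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

An IMPORT alert is worth correlating with a recent file write of the settings file by the same account, since the post's idea depends on bringing a prepared configuration onto the host first.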