Getuid returns that I'm running as NT AUTHORITY\SYSTEM:
But using "kill [pid]" tells me access is denied!
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
Similarly dropping into a shell:
meterpreter > kill 2520
[-] stdapi_sys_process_kill: Operation failed: Access is denied.
What gives?? The process in question is avgwdsvc.exe - the avg watchdog service. If NT AUTHORITY\SYSTEM doesn't have access, who does??
C:\WINDOWS\system32>taskkill /F /PID 2520
taskkill /F /PID 2520
ERROR: The process with PID 2520 could not be terminated.
Reason: Access is denied.