Comments on obscuresec: Guest Blog Posts and Cons

Chris (2013-09-17T23:30:50.711-04:00):
Sorry about that. Fixed it.

Anonymous (2013-09-04T03:26:05.929-04:00):
Hi Chris, the "PowerSploit: The Easiest Shell You’ll Ever Get" link is dead ;(

Chris (2013-08-03T23:59:42.843-04:00):
First, I would make sure that you ran PowerShell as administrator. Next, remember that it isn't a script, but a function that has to be called. I would guess the first issue is the problem, but also double-check that there is a security eventlog on the machine. If you want to share more details, shoot me an email and I will try and help you out. Email is obscuresec at google's email.

Anonymous (2013-08-02T23:04:29.418-04:00):
Hey Chris,
Great talk at Blackhat. I tried the Find-NTLMLogon.ps1 script in my environment, and am getting the following error. Is this an indication of the security event log being acl'ed to the point where get-winevent cannot read it? Any recommendations on how to get the script working?

Get-WinEvent : Could not retrieve information about the Security log. Error:
Attempted to perform an unauthorized operation..
At \Find-NTLMNetworkLogon.ps1:27 char:15
+ $Events = Get-WinEvent -Logname "security" -FilterXPath $Filter |
Where-Obje ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Get-WinEvent], Exception
    + FullyQualifiedErrorId : LogInfoUnavailable,Microsoft.PowerShell.Commands
   .GetWinEventCommand

Get-WinEvent : There is not an event log on the localhost computer that
matches "security".
At \Find-NTLMNetworkLogon.ps1:27 char:15
+ $Events = Get-WinEvent -Logname "security" -FilterXPath $Filter |
Where-Obje ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (security:String) [Get-WinEvent]
   , Exception
    + FullyQualifiedErrorId : NoMatchingLogsFound,Microsoft.PowerShell.Command
   s.GetWinEventCommand

Thanks