Open Pouya47 opened 6 years ago
An alternative would be just to use the mimikatz/kiwi meterpreter module and use kiwi_cmd '"privilege::debug" "event::drop" "event::clear"'.
I think this kiwi_cmd works, but adding it to clearev or adding a new dropev module would be great! I will work on it in the future ;)
Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
Steps to reproduce
How'd you do it?
Expected behavior
Drop the log before clearev, like mimikatz. In mimikatz, run privilege::debug, then event::drop to patch the event log. Then run Event::Clear to clear the event log without any log-cleared event (1102) being logged.
Current behavior
Clears events and creates a 1102 log (event log cleared):
Audit Success 7/25/2018 2:00:03 PM Eventlog 1102 Log clear
System stuff
Metasploit version
Framework: 4.17.2-dev
Console : 4.17.2-dev
I installed Metasploit with:
OS
What OS are you running Metasploit on? 4.17.0-kali1-amd64