Skip to content
/ Ballgag Public

A tool used to clear Windows Event Logs without invoking wevtutil

2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hypervis0r/Ballgag

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
.gitignore
.gitignore
 
 
Ballgag.sln
Ballgag.sln
 
 
Ballgag.vcxproj
Ballgag.vcxproj
 
 
Ballgag.vcxproj.filters
Ballgag.vcxproj.filters
 
 
README.md
README.md
 
 
ballgag.c
ballgag.c
 
 

Repository files navigation

Ballgag

A tool used to clear Windows Event Logs without invoking wevtutil.exe

Usage

Remote

C:\>ballgag.exe <domain> <dc> <username> <password>

  • Domain - the AD root domain

  • DC - the IP or hostname of the Domain Controller target

  • Username - the username of the account used to clear the logs

  • Password - the password for said account

Local

C:\>ballgag.exe

  • Just run it as admin ;)

Gotchas

  • Account used for clearing logs must be a part of the Administrators group.

  • If the target machine is remote, the target must have Remote Event Log Management enabled in the firewall.

    If the target machine does not have Remote Event Log Management enabled, run locally.

TODO

  • Better argument parsing
  • Pass-the-Hash abilities
  • Clearing specific log channels
  • Save cleared logs to a file
  • Shut the event log service up for good by killing its threads
  • impacket script?

About

A tool used to clear Windows Event Logs without invoking wevtutil

Topics

windows active-directory pentesting post-exploitation red-team

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 1

Ballgag v1.0.0 Latest
Oct 2, 2021

Packages

No packages published

Languages