One Hat Cyber Team

Your IP : 172.16.0.254

Server IP : 58.26.163.33

Server : Windows NT DGPENSV2LPKMN 10.0 build 14393 (Windows Server 2016) AMD64

Server Software : Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.3.25

PHP Version : 7.3.25

Buat File | Buat Folder

Dir : C:/Windows/System32/wbem/

Edit File: nlsvc.mof

//*********************************************
// *** Active Directory Service Provider: NetLogon
//*********************************************
#pragma autorecover
#pragma classflags("forceupdate")
#pragma namespace ("\\\\.\\Root\\WMI")

[Dynamic, 
  Description("Active Directory: NetLogon") : amended,
  Guid("{f33959b4-dbec-11d2-895b-00c04f79ab69}"),
  locale("MS\\0x409")]
class MSNetLogonTrace:EventTrace
{
};

[Dynamic,
 Description("NetLogon Server Authentication") : amended,
 Guid("{393da8c0-dbed-11d2-895b-00c04f79ab69}"),
 DisplayName("NlServerAuth"),
 locale("MS\\0x409")
]
class NlServerAuth:MSNetLogonTrace
{

};

[Dynamic,
 Description("NetLogon Server Authentication") : amended,
 EventType(1),
 EventTypeName("Start"),
 locale("MS\\0x409")
]
class NlServerAuth_Start:NlServerAuth
{
    [WmiDataId(1),
     Description("Client") : amended,
     StringTermination("NullTerminated"),
     format("w"),
     read]
     string  Client;
    [WmiDataId(2),
     Description("Account") : amended,
     StringTermination("NullTerminated"),
     format("w"),
     read]
     string  Account;
    [WmiDataId(3),
     Description("Channel Type") : amended,
     format("x"),
     read]
     uint32  ChannelType;
    [WmiDataId(4),
     Description("Negotiated Flags") : amended,
     format("x"),
     read]
     uint32  NegotiatedFlags;
};

[Dynamic,
 Description("NetLogon Server Authentication") : amended,
 EventType(2),
 EventTypeName("End"),
 locale("MS\\0x409")
]
class NlServerAuth_End:NlServerAuth
{
    [WmiDataId(1),
     Description("Client") : amended,
     StringTermination("NullTerminated"),
     format("w"),
     read]
     string  Client;
    [WmiDataId(2),
     Description("Account") : amended,
     StringTermination("NullTerminated"),
     format("w"),
     read]
     string  Account;
    [WmiDataId(3),
     Description("Channel Type") : amended,
     format("x"),
     read]
     uint32  ChannelType;
    [WmiDataId(4),
     Description("Negotiated Flags") : amended,
     format("x"),
     read]
     uint32  NegotiatedFlags;
    [WmiDataId(5),
     Description("Status") : amended,
     format("x"),
     read]
     uint32  Status;
};

[Dynamic,
 Description("NetLogon Secure Channel Setup") : amended,
 Guid("{63dbb180-dbed-11d2-895b-00c04f79ab69}"),
 DisplayName("NlSecChanlSetup"),
 locale("MS\\0x409")
]
class NlSecChanlSetup:MSNetLogonTrace
{

};

[Dynamic,
 Description("NetLogon Secure Channel Setup") : amended,
 EventType(1),
 EventTypeName("Start"),
 locale("MS\\0x409")
]
class NlSecChanlSetup_Start:NlSecChanlSetup
{
};

[Dynamic,
 Description("NetLogon Secure Channel Setup") : amended,
 EventType(2),
 EventTypeName("End"),
 locale("MS\\0x409")
]
class NlSecChanlSetup_End:NlSecChanlSetup
{
};