A port of limbenjamin's LogServiceCrash project to C#.
Crashes the Windows eventlog service locally or remotely using OpenEventLogA/ElfClearEventLogFileW.
- Added the ability to specify a remote server from the cmdline
From limbenjamin's blogpost:
Windows Event Logging service will crash with an Access Violation when advapi32.dll!ElfClearEventLogFileW is called with a handle obtained from advapi32.dll!OpenEventLogA. By default, The service is restarted after the first and second failure only. Hence an adversary can crash the service 3 times after which he is able to execute further malicious commands without being logged. The fail count will be reset after 1 day by default.
- Crash the local computer's event log service
.\SharpCrashEventLog \\localhost
- Crash a remote computer's event log service
.\SharpCrashEventLog \\targetcomputer