Re: Accessing registry through command line

From: steven.m.gill@us.pwcglobal.com
Date: 10/07/01


From: <steven.m.gill@us.pwcglobal.com>
Date: Sun, 07 Oct 2001 17:54:25 -0400
Subject: Re: Accessing registry through command line
To: efruitenschlein@hotmail.com
Message-id: <OF81895731.C6FF54EE-ON85256ADE.00785041@us.pw.com>

You can use this syntax (I've done it several times on a pen-test)

regedit -e <filename> <hive\key>

So, say I want to pull the VNC keys so I can see the encrypted password, I
can use this command:

regedit -e vnckeys.reg HKEY_LOCAL_MACHINE\SOFTWARE\ORL

(this will work provided your user has read privies over the key)

You can then move the test.reg into to webroot so that you can download it.

Regards,

Steve

                                                                                                                         
                    Esmerelda
                    Fruitenschlein To: pen-test@securityfocus.com
                    <efruitenschlein@ho cc:
                    tmail.com> Subject: Accessing registry through command line
                                                                                                                         
                    10/04/2001 05:05 PM
                                                                                                                         
                                                                                                                         

I have remote execution of code through a unicode vulnerability on an IIS
box. I need to know if there is a way to get registry keys using only
command line tools that are on a default NT install. (No file upload, not
even using echo >, etc.) Perhaps something using rundll or somesuch thing?

Thanks.

Esmerelda Fruitenschlein, hacker extraordinaire

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

----------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from any
computer.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



Relevant Pages

  • Command line network sniffing tools on NT/W2K
    ... command line is available on an exploited dual homed NT or W2K box. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • htp.print in pen-test
    ... When i insert the htp.print in the browser command line. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • RE: Command line network sniffing tools on NT/W2K
    ... Command line network sniffing tools on NT/W2K ... why not install WinVNC...you can install it and ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: faster scans? (nmap)
    ... one host using nmap for syn scans in burst mode with the ... >>>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: pen test help please asap
    ... > Machine A on client site makes a configurable encrypted OUTBOUND ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)