Re: Accessing registry through command line

From: Penetration Testing (pentest@infosecure.com.au)
Date: 10/09/01


Date: Mon, 8 Oct 2001 15:21:08 -0800 (GMT+8)
From: Penetration Testing <pentest@infosecure.com.au>
To: Esmerelda Fruitenschlein <efruitenschlein@hotmail.com>
Subject: Re: Accessing registry through command line
Message-ID: <Pine.LNX.4.21.0110081508230.4494-100000@gateway.infosecure.com.au>

On Thu, 4 Oct 2001, Esmerelda Fruitenschlein wrote:

> I have remote execution of code through a unicode vulnerability on an IIS
> box. I need to know if there is a way to get registry keys using only
> command line tools that are on a default NT install. (No file upload, not
> even using echo >, etc.) Perhaps something using rundll or somesuch thing?
>

As the other responses have mentioned, regedit can be used to dump all or
portions of the registry. I haven't had any luck using it to make changes
to the registry, as it pops up a confirmation dialog to the console about
the proposed changes. I don't know of any way of controlling windowing
apps from the command line.

I found a tool (via google) called simply "reg.exe" that does command line
reg edits without requiring console confirmation. This has worked for me
in the past.

I doubt that you would be able to interface to rundll without having the
facility of loading _some_ code onto the box.

Regards,
Dave Taylor

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/