[PEN-TEST] FW: [PEN-TEST] Security Issues ... NT vuln ?

From: Mawson, Phillip (pmawsonat_private)
Date: Mon Apr 16 2001 - 16:28:02 PDT


    If you are looking for something that comes standard with NT or 2000 use regedit.
    
    You can use the /e switch to export key and value information from the registry.
    
    regedit /e c:\temp\regdump.reg
    
    This will dump all information from the registry to a text file. You are still restricted by ACLs but this is not usually a problem as by default everyone has access to read most of the registry.
    
    This tends to make quite a large text file. It is possible to specifically dump information for only one registry key.
    
    regedit /e c:\temp\regdump.reg HKEY_LOCAL_MACHINE\SOFTWARE\TEST
    
    This is a good information gathering exercise that works well with exploits like Unicode on IIS.
    
    regedit /s c:\temp\input.reg
    Where input.reg contains something along the lines of:
    
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\TEST]
    "FileName"="test.exe"
    
    Will allow you to add or change information in the registry that you have access to.
    
    Hope this helps.  It is not the best way of adding/changing values in the registry.  I would only recommend using it if there is no other option available to you.
    
    Phill.
     
    
     -----Original Message-----
    From: adi77at_private
    Sent: Friday, 13 April 2001 11:42 a.m.
    To:	PEN-TESTat_private
    Subject:	Re: [PEN-TEST] Security Issues ... NT vuln ?
    
    Simply use the reg.exe tool that comes with the WinNT 4.0 Resource Kit.
    
    reg
    
    Command-line registry manipulation utility version 1.00.
    Copyright Microsoft Corporation 1997.  All rights reserved.
    
    REG operation <Parameter List>
    
      operation     [ QUERY | ADD    | UPDATE  | DELETE | COPY  |
                      SAVE  | BACKUP | RESTORE | LOAD   | UNLOAD ]
    
    For help on a specific operation type:
      REG operation /?
    
    Examples:
    
      REG QUERY /?
      REG ADD /?
      REG UPDATE /?
      REG DELETE /?
      REG COPY /?
      REG SAVE /?
      REG BACKUP /?
      REG RESTORE /?
      REG LOAD /?
      REG UNLOAD /?
    
    Cheers,
    
    Adrian Lazar
    
    -----Original Message-----
    From: Penetration Testers [mailto:PEN-TESTat_private]On Behalf
    Of Lahoz Casarramona, Gemma
    Sent: Wednesday, April 11, 2001 1:58 AM
    To: PEN-TESTat_private
    Subject: Re: [PEN-TEST] Security Issues ... NT vuln ?
    
    
    KiXtart95, an enhanced batch language for Win95 and WinNT (I've got it
    working on Win2k as well) can do that for you. It comes with the Windows NT
    4.0 Resource Kit, accompanied by a very good manual that explains how to use
    it.
    
    
    -----Original Message-----
    From: sekure [mailto:sekureat_private]
    Sent: Tuesday 10 April 2001 13:54
    To: PEN-TESTat_private
    Subject: [PEN-TEST] Security Issues ... NT vuln ?
    
    
    6) Does somebody know a program for command (cmd.exe or command.com) that can
       manipulate the registry? To see keys, write in keys, ...! Do you know?
       Where can I get it?
    
    
    Phillip Mawson
    Deloitte Touche Tohmatsu
    Internet: www.deloitte.co.nz
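Added example, not part of the original thread: because `regedit /s` imports silently and changes any value the caller can write, comparing two `regedit /e` exports shows what was added or altered between them. The sample exports, the `other.exe`, `Flags`, `Blob` and `Sub` entries, and the function names `parse_reg` and `diff_reg` are constructed for illustration.

```python
import re

# Constructed sample exports; real Windows 2000+ exports are UTF-16 text.
BASELINE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\TEST]
"FileName"="test.exe"
"Flags"=dword:00000001
"""
CURRENT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\TEST]
"FileName"="other.exe"
"Flags"=dword:00000001
"Blob"=hex:01,02,\
  03,04

[HKEY_LOCAL_MACHINE\SOFTWARE\TEST\Sub]
@="x"
"""

def parse_reg(text):
    """Parse .reg text into {KEY_PATH: {value_name: raw_data}}."""
    keys, current = {}, None
    # Long hex: values wrap with a trailing backslash; join them first.
    text = re.sub(r"\\\r?\n\s*", "", text)
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            # Key paths are case-insensitive, so normalise to upper case.
            current = keys.setdefault(line[1:-1].upper(), {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and current is not None:
            name = m.group(1)
            current[name if name == "@" else name[1:-1]] = m.group(2)
    return keys

def diff_reg(old_keys, new_keys):
    """Return (change, key, name, old, new); None marks an absent side."""
    out = []
    for key in sorted(set(old_keys) | set(new_keys)):
        old, new = old_keys.get(key), new_keys.get(key)
        if old is None or new is None:
            kind = "key-added" if old is None else "key-removed"
            out.append((kind, key, None, None, None))
        old, new = old or {}, new or {}
        for name in sorted(set(old) | set(new)):
            if old.get(name) != new.get(name):
                out.append(("value", key, name, old.get(name), new.get(name)))
    return out
```

Calling `diff_reg(parse_reg(BASELINE), parse_reg(CURRENT))` reports the changed `FileName`, the new `Blob` value and the new subkey, and leaves the unchanged `Flags` value out.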
    


