If you are looking for something that comes standard with NT or 2000 use regedit.

You can use the /e switch to export key and value information from the registry.

regedit /e c:\temp\regdump.reg

This will dump all information from the registry to a text file. You are still restricted by ACL's but this is not usually a problem as by default everyone has access to read most of the registry.

This tends to make quite a large text file. It is possible to specifically dump information for only one registry key.

regedit /e c:\temp\regdump.reg \\HKEY_LOACL_MACHINE\SOFTWARE\TEST\

This is a good information gathering exercise that works well with exploits like Unicode on IIS.

regedit /s c:\temp\input.reg
Where input.reg contains something along the lines of:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\TEST]
"FileName"="test.exe"

Will allow you to add or change information in the registry that you have access to.

Hope this helps. It is not the best way of adding/changing values in the registry. I would only recommend using it if there is no other option available to you.

Phill.
 

 -----Original Message-----
From: adi77HOME.COM Sent: Friday, 13 April 2001 11:42 a.m.
To: PEN-TESTSECURITYFOCUS.COM
Subject: Re: [PEN-TEST] Security Issues ... NT vuln ?

Simply use reg.exe tool that comes with WinNT 4.0 Resource Kit.

reg

Command-line registry manipulation utility version 1.00.
Copyright Microsoft Corporation 1997. All rights reserved.

REG operation <Parameter List>

  operation [ QUERY | ADD | UPDATE | DELETE | COPY |
                  SAVE | BACKUP | RESTORE | LOAD | UNLOAD ]

For help on a specific operation type:
  REG operation /?

Examples:

  REG QUERY /?
  REG ADD /?
  REG UPDATE /?
  REG DELETE /?
  REG COPY /?
  REG SAVE /?
  REG BACKUP /?
  REG RESTORE /?
  REG LOAD /?
  REG UNLOAD /?

Cheers,

Adrian Lazar

-----Original Message-----
From: Penetration Testers [mailto:PEN-TESTSECURITYFOCUS.COM]On Behalf
Of Lahoz Casarramona, Gemma
Sent: Wednesday, April 11, 2001 1:58 AM
To: PEN-TESTSECURITYFOCUS.COM
Subject: Re: [PEN-TEST] Security Issues ... NT vuln ?

KiXtart95, an enhanced batch language for Win95 and WinNT (I've got it
working on Win2k as well) can do that for you. It comes with the Windows NT
4.0 Resource Kit, accompanied by a very good manual that explains how to use
it.

-----Original Message-----
From: sekure [mailto:sekureHADRION.COM.BR]
Sent: dinsdag 10 april 2001 13:54
To: PEN-TESTSECURITYFOCUS.COM
Subject: [PEN-TEST] Security Issues ... NT vuln ?

6) Somebody know a program for command (cmd.exe or command.com) that can
   manipule the registry ?? To see keys, write in keys, ... ! Do you know??
   Where i can get it ??

************************************************************
CAUTION: This e-mail and any attachment(s) contains
information that is both confidential and possibly legally
privileged. No reader may make any use of its content
unless that use is approved by Deloitte separately in
writing.
Any opinion, advice or information contained in this e-mail
and any attachment(s) is to be treated as interim and
provisional only and for the strictly limited purpose of the
recipient as communicated to us. Neither the recipient nor
any other person should act upon it without our separate
written authorisation of reliance.
If you have received this message in error please notify us
immediately and destroy this message. Thank you.
Phillip Mawson
Deloitte Touche Tohmatsu
Internet: www.deloitte.co.nz
************************************************************

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]