Metasploit mailing list archives

How can I read Binary Windows Registry Data?


From: carlos_perez at darkoperator.com (Carlos Perez)
Date: Sun, 14 Dec 2008 19:34:29 -0400

Guys

   I'm writing a small module for a meterpreter script that will read the
registry keys where WEP and WPA keys and the SSID for the corresponding keys
are stored. This data is in binary format; can anyone point me in a direction
or help in interpreting the binary data?

Thanks

Here is the code:

def wlanzeroconfig
    # Parent key; each wireless interface has its own subkey underneath
    key = 'HKLM\\Software\\Microsoft\\WZCSVC\\Parameters\\Interfaces'
    root_key, base_key = client.sys.registry.splitkey(key)
    open_key = client.sys.registry.open_key(root_key, base_key, KEY_READ)
    keys = open_key.enum_key
    vals = open_key.enum_value
    if (keys.length > 0)
        keys.each { |subkey|
            # Format string for the binary data (not used yet)
            format = 'z50z20z1020c'
            keyint = key + "\\#{subkey}"
            root_key, base_key = client.sys.registry.splitkey(keyint)
            open_keyint = client.sys.registry.open_key(root_key, base_key, KEY_READ)
            valsint = open_keyint.enum_value
            # Walk every value stored under this interface subkey
            valsint.each { |val|
                print_line(val.name)
                v = open_keyint.query_value(val.name)
                # Print the raw value data (was assigned to a local named "puts")
                print_line(v.data.to_s)
            }
        }
    else
        print_line("This target appears to not have a Wireless Interface")
    end
end