Penetration Testing mailing list archives

FW: Accessing registry through command line


From: pmawson () deloitte co nz
Date: Fri, 5 Oct 2001 10:59:45 +1200


regedit is nice.
Allows you to import and export registry information to and from a text
file.

regedit /e c:\inetpub\wwwroot\registry.txt

Will dump a copy of the registry to a text file (all you have access to read
anyway).
Then just view it with your browser.

http://target/registry.txt

Goes without saying this will be a VERY large file.

It is possible to dump only parts of the registry with the regedit command.
Can't remember how to do this off the top of my head.  Have a look here.
http://www.microsoft.com/technet

Another good command to use with the Unicode exploit is

winmsd /a /f

This writes a system report to a text file.

This gives you a lot of really useful information.

The text file will be the name of the computer and is written to your
working directory.

Note:  This only works on IIS 4 (NT 4).

If anyone knows of a way to get this information on Windows 2000 please let
me know.

P

-----Original Message-----
From: Esmerelda Fruitenschlein [mailto:efruitenschlein () hotmail com]
Sent: Friday, 5 October 2001 9:05 a.m.
To: pen-test () securityfocus com
Subject: Accessing registry through command line


I have remote execution of code through a unicode vulnerability on an IIS 
box.  I need to know if there is a way to get registry keys using only 
command line tools that are on a default NT install.  (No file upload, not 
even using echo >, etc.)  Perhaps something using rundll or somesuch thing?

Thanks.



Esmerelda Fruitenschlein, hacker extraordinaire



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
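
For defenders, the two artifacts described in the reply above (a regedit export and a winmsd report named after the computer, left where the web server can serve them) can be audited for. The following is an added example, not part of the original thread; the function names, sample file names and contents are constructed, and the check for the version 5.00 export header goes beyond the NT 4 case the post covers.

```python
import os
import tempfile

# Headers regedit writes at the start of an export: "REGEDIT4" (NT 4 text
# format) or the version 5.00 banner, which is UTF-16LE with a BOM.
UTF16_BOM = b"\xff\xfe"
REG_SIGNATURES = (
    b"REGEDIT4",
    UTF16_BOM + "Windows Registry Editor Version 5.00".encode("utf-16-le"),
)

def looks_like_reg_export(path):
    """Return True if the file starts with a regedit export header."""
    with open(path, "rb") as fh:
        return fh.read(128).startswith(REG_SIGNATURES)

def audit_webroot(webroot, computer_name):
    """Flag registry exports and <computer_name>.txt under webroot."""
    # The post says the winmsd report is named after the computer, so a
    # file with that name is flagged for manual review (name match only).
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, webroot)
            try:
                if looks_like_reg_export(path):
                    findings.append((rel, "registry export"))
                elif name.lower() == computer_name.lower() + ".txt":
                    findings.append((rel, "possible winmsd report"))
            except OSError:
                findings.append((rel, "unreadable"))
    return sorted(findings)

def demo():
    """Audit a constructed web root (file names and contents are made up)."""
    samples = {
        "index.html": b"<html></html>",
        "registry.txt": b"REGEDIT4\r\n\r\n[HKEY_LOCAL_MACHINE\\SOFTWARE]\r\n",
        "export5.txt": REG_SIGNATURES[1] + "\r\n".encode("utf-16-le"),
        "WEB01.TXT": b"constructed report body\r\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit_webroot(root, "web01")

if __name__ == "__main__":
    print(demo())
```

Run audit_webroot against the real document root with the server's own computer name; any hit is a file that should not be reachable over HTTP.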
