[Samba] regshell only goes to HKEY_CLASSES_ROOT

Hoover, Tony hoover at sal.ksu.edu
Fri Jan 16 15:08:14 GMT 2009


My bad.  
Damn Outhouse (outlook) removed necessary line breaks in your command line.

please disregard my previous response.


 ------------------------------------------------------------------------
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660

"Don't Blend in..."
------------------------------------------------------------------------

-----Original Message-----
From: samba-bounces+hoover=sal.ksu.edu at lists.samba.org
[mailto:samba-bounces+hoover=sal.ksu.edu at lists.samba.org] On Behalf Of
Hoover, Tony
Sent: Friday, January 16, 2009 8:24 AM
To: TopCom 900; samba at lists.samba.org
Subject: RE: [Samba] regshell only goes to HKEY_CLASSES_ROOT

It seems to me that you have only told it to load the remote machine's HCR
hive.

Try it with this:
./regshell --remote=192.168.50.142 --user=Administrador%xxx
HKEY_LOCAL_MACHINE>


I don't know for sure, but that seems like it should work 


 ------------------------------------------------------------------------
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660

"Don't Blend in..."
------------------------------------------------------------------------

-----Original Message-----
From: samba-bounces+hoover=sal.ksu.edu at lists.samba.org
[mailto:samba-bounces+hoover=sal.ksu.edu at lists.samba.org] On Behalf Of
TopCom 900
Sent: Friday, January 16, 2009 4:50 AM
To: samba at lists.samba.org
Subject: [Samba] regshell only goes to HKEY_CLASSES_ROOT

Hi all,

I've compiled samba 4 from branches and it worked like a charm.

I'm trying to use regshell to read (remotely) the following Windows registry
key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

I can connect to the remote machine with no problems:

./regshell --remote=192.168.50.142 --user=Administrador%xxx
HKEY_CLASSES_ROOT>


HKEY_CLASSES_ROOT> info
Name: HKEY_CLASSES_ROOT
Full path: HKEY_CLASSES_ROOT
Time Last Modified: Wed Dec 31 19:00:00 1969

Number of subkeys: 2943
Number of values: 0
Maximum sub key name length: 140
Error getting security descriptor

I can also see the keys under HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT> list
<snip>
K System.Collections.CaseInsensitiveComparer
K System.Collections.CaseInsensitiveHashCodeProvider
K System.Collections.Hashtable
K System.Collections.Queue
K System.Collections.SortedList
K System.Collections.Stack
K System.ContextMarshalException

<snip>

Problem is when I want to go to another key, in this case I want to read, as
I said before,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_CLASSES_ROOT> predef
HKEY_LOCAL_MACHINE
HKEY_CLASSES_ROOT> pwd
HKEY_CLASSES_ROOT

There is no way I can read the value of
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, I've
tried loads of combinations, even escaping the "\"

Am I missing something? How can I read that key or at least move from
HKEY_CLASSES_ROOT key, which is the one I can only see.


Thank you in advance.

T
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


More information about the samba mailing list