Registry Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 08:01:12 GMT

RadioGraPhy Forensic Tool
http://packetstormsecurity.org/files/111907/RadioGraPhy.zip
http://packetstormsecurity.org/files/111907/RadioGraPhy-Forensic-Tool.html
Mon, 16 Apr 2012 16:55:55 GMT
Radiography is a forensic tool which grabs as much information as possible from a Windows system. It checks registry keys related to start up processes, registry keys with Internet Explorer settings, host file contents, taskScheduler tasks, loaded system drivers, uses WinUnhide to catch hidden processes, and does much more.

PHP Gift Registry 1.5.5 SQL Injection
http://packetstormsecurity.org/files/110197/phpgiftregistry-sql.txt
http://packetstormsecurity.org/files/110197/PHP-Gift-Registry-1.5.5-SQL-Injection.html
Fri, 24 Feb 2012 23:35:47 GMT
PHP Gift Registry version 1.5.5 suffers from a remote SQL injection vulnerability.

Red Hat Security Advisory 2011-1380-01
http://packetstormsecurity.org/files/105967/RHSA-2011-1380-01.txt
http://packetstormsecurity.org/files/105967/Red-Hat-Security-Advisory-2011-1380-01.html
Wed, 19 Oct 2011 00:58:21 GMT
Red Hat Security Advisory 2011-1380-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges.

Registry Decoder Digital Forensics Tool
http://packetstormsecurity.org/files/104877/regdecoderR19.zip
http://packetstormsecurity.org/files/104877/Registry-Decoder-Digital-Forensics-Tool.html
Thu, 08 Sep 2011 01:51:53 GMT
Digital forensics deals with the analysis of artifacts on all types of digital devices. One of the most prevalent analysis techniques performed is that of the registry hives contained in Microsoft Windows operating systems. Registry Decoder was developed with the purpose of providing a single tool for the acquisition, analysis, and reporting of registry contents.

Secunia Security Advisory 45686
http://packetstormsecurity.org/files/104371/sa45686.txt
http://packetstormsecurity.org/files/104371/Secunia-Security-Advisory-45686.html
Tue, 23 Aug 2011 06:07:03 GMT
Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Service Registry and Repository, which can be exploited by malicious people to conduct script insertion attacks.

Iconics GENESIS32 Integer Overflow
http://packetstormsecurity.org/files/103150/iconics_genbroker.rb.txt
http://packetstormsecurity.org/files/103150/Iconics-GENESIS32-Integer-Overflow.html
Tue, 19 Jul 2011 02:47:15 GMT
Iconics GENESIS32 version 9.21.201.01 suffers from an integer overflow vulnerability. The GenBroker service on port 38080 is affected by three integer overflow vulnerabilities while handling opcode 0x4b0, which is caused by abusing the memory allocations needed for the number of elements passed by the client. This results in unexpected behaviors such as direct registry calls, memory location calls, or arbitrary remote code execution. Please note that in order to ensure reliability, this exploit will try to open calc (hidden), inject itself into the process, and then open up a shell session. Also, DEP bypass is supported.

Java RMI Server Insecure Default Configuration Java Code Execution
http://packetstormsecurity.org/files/103110/java_rmi_server.rb.txt
http://packetstormsecurity.org/files/103110/Java-RMI-Server-Insecure-Default-Configuration-Java-Code-Execution.html
Sat, 16 Jul 2011 15:49:37 GMT
This Metasploit module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote (HTTP) URL. As it invokes a method in the RMI Distributed Garbage Collector which is available via every RMI endpoint, it can be used against both rmiregistry and rmid, and against most other (custom) RMI endpoints as well. Note that it does not work against Java Management Extension (JMX) ports since those do not support remote class loading, unless another RMI endpoint is active in the same Java process. RMI method calls do not support or require any sort of authentication.

Dell IT Assistant detectIESettingsForITA.ocx Remote Registry Dump
http://packetstormsecurity.org/files/103094/9sg_dell_activex.txt
http://packetstormsecurity.org/files/103094/Dell-IT-Assistant-detectIESettingsForITA.ocx-Remote-Registry-Dump.html
Sat, 16 Jul 2011 03:35:48 GMT
Dell IT Assistant detectIESettingsForITA.ocx Active-X control readRegVal() remote registry dump exploit.

GrokEVT Scripts 0.5.0
http://packetstormsecurity.org/files/102455/grokevt-0.5.0.tar.gz
http://packetstormsecurity.org/files/102455/GrokEVT-Scripts-0.5.0.html
Mon, 20 Jun 2011 22:12:39 GMT
GrokEVT is a collection of scripts for reading Windows event log files on Unix. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.

RegLookup Registry Parser 1.0.0
http://packetstormsecurity.org/files/102443/reglookup-src-1.0.0.tar.gz
http://packetstormsecurity.org/files/102443/RegLookup-Registry-Parser-1.0.0.html
Mon, 20 Jun 2011 08:35:37 GMT
RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.

RegLookup Registry Parser 0.99.0
http://packetstormsecurity.org/files/101015/reglookup-src-0.99.0.tar.gz
http://packetstormsecurity.org/files/101015/RegLookup-Registry-Parser-0.99.0.html
Mon, 02 May 2011 18:04:33 GMT
RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.

Registry String Wiper
http://packetstormsecurity.org/files/100289/regstringwiper.exe
http://packetstormsecurity.org/files/100289/Registry-String-Wiper.html
Sun, 10 Apr 2011 12:11:11 GMT
This Windows binary is a lightweight tool for removing strings in the Windows registry.

Secunia Security Advisory 42742
http://packetstormsecurity.org/files/97100/sa42742.txt
http://packetstormsecurity.org/files/97100/Secunia-Security-Advisory-42742.html
Tue, 28 Dec 2010 08:35:27 GMT
Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Service Registry and Repository, which can be exploited by malicious people to bypass certain security restrictions.

SmartFTP / Speak Aloud / The GodFather / Vip Rumor Player / Wise Registry Cleaner DLL Hijacking
http://packetstormsecurity.org/files/95167/multisoft-dllhijack.txt
http://packetstormsecurity.org/files/95167/SmartFTP-Speak-Aloud-The-GodFather-Vip-Rumor-Player-Wise-Registry-Cleaner-DLL-Hijacking.html
Wed, 27 Oct 2010 01:53:22 GMT
SmartFTP version 4.0.1142.0, Speak Aloud, The GodFather version 0.80, Vip Rumor Player version 3.7 and Wise Registry Cleaner DLL hijacking exploit.

Zero Day Initiative Advisory 10-145
http://packetstormsecurity.org/files/92624/ZDI-10-145.txt
http://packetstormsecurity.org/files/92624/Zero-Day-Initiative-Advisory-10-145.html
Thu, 12 Aug 2010 04:57:39 GMT
Zero Day Initiative Advisory 10-145 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks Remote Management. Access to a single node with Remote Management client installed and configured is required. The specific flaw exists within the storage of Remote Management authentication information on the client.
The client utilizes a password stored in the registry that is common among all nodes. This can be exploited by an attacker to execute remote code on any target with the client installed.

Secunia Security Advisory 40862
http://packetstormsecurity.org/files/92535/sa40862.txt
http://packetstormsecurity.org/files/92535/Secunia-Security-Advisory-40862.html
Sat, 07 Aug 2010 07:31:49 GMT
Secunia Security Advisory - Two vulnerabilities have been reported in IBM WebSphere Service Registry and Repository, which can be exploited by malicious people to conduct cross-site scripting attacks.

HP Security Bulletin HPSBMA02490 SSRT090222
http://packetstormsecurity.org/files/87829/HPSBMA02490-SSRT090222.txt
http://packetstormsecurity.org/files/87829/HP-Security-Bulletin-HPSBMA02490-SSRT090222.html
Wed, 31 Mar 2010 01:57:09 GMT
HP Security Bulletin - Potential security vulnerabilities have been identified with HP SOA Registry Foundation. The vulnerabilities could be exploited remotely to gain unauthorized access to data, for cross site scripting (XSS), or to escalate privileges.

Secunia Security Advisory 39187
http://packetstormsecurity.org/files/87775/sa39187.txt
http://packetstormsecurity.org/files/87775/Secunia-Security-Advisory-39187.html
Tue, 30 Mar 2010 14:58:12 GMT
Secunia Security Advisory - Multiple vulnerabilities have been reported in HP SOA Registry Foundation, which can be exploited by malicious users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.

RegLookup Register Parser 0.12.0
http://packetstormsecurity.org/files/87018/reglookup-0.12.0.tar.gz
http://packetstormsecurity.org/files/87018/RegLookup-Register-Parser-0.12.0.html
Tue, 09 Mar 2010 21:12:34 GMT
RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.

Terminal Server License Bypass
http://packetstormsecurity.org/files/85008/tsl-bypass.txt
http://packetstormsecurity.org/files/85008/Terminal-Server-License-Bypass.html
Mon, 11 Jan 2010 22:21:23 GMT
This registry code allows any terminal client access to a Terminal Server. It bypasses the Microsoft "Terminal Server License" and allows the client to create a session on the server without a CAL (Client Access License) or MS Open License. It works on WinNT, Win2000, Win2003 server and Win2008 server.

Microsoft RRAS Service RASMAN Registry Overflow
http://packetstormsecurity.org/files/83149/ms06_025_rasmans_reg.rb.txt
http://packetstormsecurity.org/files/83149/Microsoft-RRAS-Service-RASMAN-Registry-Overflow.html
Thu, 26 Nov 2009 00:34:53 GMT
This Metasploit module exploits a registry-based stack overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password is required to exploit this flaw on Windows 2000. When attacking XP SP1, the SMBPIPE option needs to be set to 'SRVSVC'. Exploiting this flaw involves two distinct steps - creating the registry key and then triggering an overwrite based on a read of this key. Once the key is created, it cannot be recreated. This means that for any given system, you only get one chance to exploit this flaw.
Picking the wrong target will require a manual removal of the following registry key before you can try again: HKEY_USERS\.DEFAULT\Software\Microsoft\RAS Phonebook

Mandriva Linux Security Advisory 2009-042
http://packetstormsecurity.org/files/75032/MDVSA-2009-042.txt
http://packetstormsecurity.org/files/75032/Mandriva-Linux-Security-Advisory-2009-042.html
Wed, 18 Feb 2009 22:21:24 GMT
Mandriva Linux Security Advisory 2009-042 - Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. This update provides samba 3.2.7 to address this issue.

Ubuntu Security Notice 702-1
http://packetstormsecurity.org/files/73608/USN-702-1.txt
http://packetstormsecurity.org/files/73608/Ubuntu-Security-Notice-702-1.html
Tue, 06 Jan 2009 02:00:41 GMT
Ubuntu Security Notice USN-702-1 - Gunter Hockel discovered that Samba with registry shares enabled did not properly validate share names. An authenticated user could gain access to the root filesystem by using an older version of smbclient and specifying an empty string as a share name. This is only an issue if registry shares are enabled on the server by setting "registry shares = yes", "include = registry", or "config backend = registry", which is not the default.

hummingbird-registry.txt
http://packetstormsecurity.org/files/71020/hummingbird-registry.txt
http://packetstormsecurity.org/files/71020/hummingbird-registry.txt.html
Fri, 17 Oct 2008 21:28:34 GMT
Hummingbird Deployment Wizard 2008 with DeployRun.dll versions 10.0.0.44 and below suffers from a registry value creation/change vulnerability.

grokevt-0.4.1.tar.gz
http://packetstormsecurity.org/files/64804/grokevt-0.4.1.tar.gz
http://packetstormsecurity.org/files/64804/grokevt-0.4.1.tar.gz.html
Fri, 21 Mar 2008 22:48:54 GMT
GrokEVT is a collection of scripts for reading Windows event log files on Unix. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.