- root@w00den-pickle:/home/bperry/tmo/hives/ntreg-ruby# ruby ntreg.rb '\Select' ../SYSTEM
- Hive name: "SYSTEM"
- Found root key: CMI-CreateHive{F10156BE-0E87-4EFB-969E-5DA29D131144}
- The values and data of \CMI-CreateHive{F10156BE-0E87-4EFB-969E-5DA29D131144}\Select are:
- "Current: \x01\x00\x00\x00"
- "Default: \x01\x00\x00\x00"
- "Failed: \x00\x00\x00\x00"
- "LastKnownGood: \x02\x00\x00\x00"
- root@w00den-pickle:/home/bperry/tmo/hives/ntreg-ruby# ruby ntreg.rb '\ControlSet001\Control\Lsa' ../SYSTEM
- Hive name: "SYSTEM"
- Found root key: CMI-CreateHive{F10156BE-0E87-4EFB-969E-5DA29D131144}
- The children of \CMI-CreateHive{F10156BE-0E87-4EFB-969E-5DA29D131144}\ControlSet001\Control\Lsa are:
- "AccessProviders"
- "Audit"
- "Credssp"
- "Data"
- "FipsAlgorithmPolicy"
- "GBG"
- "JD"
- "Kerberos"
- "MSV1_0"
- "Skew1"
- "SSO"
- "SspiCache"
- The values and data of \CMI-CreateHive{F10156BE-0E87-4EFB-969E-5DA29D131144}\ControlSet001\Control\Lsa are:
- "auditbaseobjects: \x00\x00\x00\x00"
- "auditbasedirectories: \x00\x00\x00\x00"
- "crashonauditfail: \x00\x00\x00\x00"
- "fullprivilegeauditing: \x00\x00\x00\x00"
- "Bounds: \x000\x00\x00\x00 \x00\x00"
- "LimitBlankPasswordUse: \x01\x00\x00\x00"
- "NoLmHash: \x01\x00\x00\x00"
- "Notification Packages: s\x00c\x00e\x00c\x00l\x00i\x00\x00\x00\x00\x00"
- "Security Packages: k\x00e\x00r\x00b\x00e\x00r\x00o\x00s\x00\x00\x00m\x00s\x00v\x001\x00_\x000\x00\x00\x00s\x00c\x00h\x00a\x00n\x00n\x00e\x00l\x00\x00\x00w\x00d\x00i\x00g\x00e\x00s\x00t\x00\x00\x00t\x00s\x00p\x00k\x00g\x00\x00\x00p\x00k\x00u\x002\x00u\x00\x00\x00\x00\x00"
- "Authentication Packages: m\x00s\x00v\x001\x00_\x000\x00\x00\x00\x00\x00"
- "LsaPid: \xEC\x01\x00\x00"
- "SecureBoot: \x01\x00\x00\x00"
- "ProductType: \x02\x00\x00\x00"
- "disabledomaincreds: \x00\x00\x00\x00"
- "everyoneincludesanonymous: \x00\x00\x00\x00"
- "forceguest: \x00\x00\x00\x00"
- "restrictanonymous: \x00\x00\x00\x00"
- "restrictanonymoussam: \x01\x00\x00\x00"
- root@w00den-pickle:/home/bperry/tmo/hives/ntreg-ruby#