Thread: Writing to the registry_open_hkcu function.




Writing to the registry_open_hkcu function.
user name
2006-02-26 04:36:00
Hi Everyone,

I spent the better part of the day immersing myself in an attempt to write a
plugin to determine Windows XP screen saver settings. I need to be able to
report on whether the screen saver is enabled, how many seconds of inactivity
before it engages, and if it requires a password to be disabled. All of which
are physical security concerns in our environment.

After a lot of scratching my head I realized that the function RegOpenKey() only
works with HKEY_LOCAL_MACHINE. Unfortunately, registry settings for screen
savers do not reside there. For my purposes I need to query HKEY_CURRENT_USER.
A book by Syngress called Nessus, Snort, & Ethereal Power Tools makes reference
to some NASL plugin functions that I can not find detailed information about.
The chapter that talks about it can be seen online at
http://www.securityfocus.com/excerpts/19. Here is the part I am referencing:

"To use the following lower-level functions, you need to set up a socket to the
appropriate host and log in to the remote host:

 registry_open_hklm, registry_open_hkcu, registry_open_hkcr Returns the
equivalent to the MSDN’s RegConnectRegistry() when it's provided with a socket,
user id, tree id, and a pipe name. The return value is suitable to be used by
registry_get_key()."

It would be a huge help if anyone knows the complete syntax to use the
registry_open_hkcu() function, knows of a plugin that already uses it, or has
examples that I can work from.

Thanks for your help,

T

_______________________________________________
Plugins-writers mailing list
Plugins-writerslist.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Writing to the registry_open_hkcu function.
user name
2006-02-26 16:20:14
On Sat, 2006-02-25 at 23:36 -0500, tomdyll.com wrote:

> 
> After a lot of scratching my head I realized that the function RegOpenKey() only
> works with HKEY_LOCAL_MACHINE.

Wrong.
You can open HKLM/HKU/HKCR/HKCU.

>  Unfortunately, registry settings for screen
> savers do not reside there. 
> For my purposes I need to query HKEY_CURRENT_USER.

HKEY_CURRENT_USER is not the best solution (there is a typo in
smb_header.inc by the way) because that only checks settings of the
current logged user.
Screensaver settings are complex to check because if you define this
entry in your domain policy, the setting in HKEY_CURRENT_USER is created
during the log on process.


> A book by Syngress called Nessus, Snort, & Ethereal Power Tools makes reference
> to some NASL plugin functions that I can not find detailed information about.
> The chapter that talks about it can be seen online at
> http://www.securityfocus.com/excerpts/19. Here is the part I am referencing:
> 
> "To use the following lower-level functions, you need to set up a socket to the
> appropriate host and log in to the remote host:
> 
>  registry_open_hklm, registry_open_hkcu, registry_open_hkcr Returns the
> equivalent to the MSDN’s RegConnectRegistry() when it's provided with a socket,
> user id, tree id, and a pipe name. The return value is suitable to be used by
> registry_get_key()."

You should not use those deprecated functions. Use smb_func.inc instead.


Nicolas
