GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → Dankirk → Regslscan

Dankirk / Regslscan

A tool for scanning registery key permissions. Find where non-admins can create symbolic links.

Labels

vulnerability-scannersregistry

Projects that are alternatives of or similar to Regslscan

Sessiongopher
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
Stars: ✭ 833 (+2035.9%)
Mutual labels:  registry
Trivy
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Stars: ✭ 9,673 (+24702.56%)
Mutual labels:  vulnerability-scanners
Image Relocation
Docker/OCI image relocation
Stars: ✭ 21 (-46.15%)
Mutual labels:  registry
Skpm
💎📦 A utility to build and publish Sketch plugins
Stars: ✭ 890 (+2182.05%)
Mutual labels:  registry
Ms17 010 scan
ms17_010的批量扫描工具
Stars: ✭ 23 (-41.03%)
Mutual labels:  vulnerability-scanners
Ripv6
Random IPv6 - circumvents restrictive IP address-based filter and blocking rules
Stars: ✭ 10 (-74.36%)
Mutual labels:  vulnerability-scanners
Vfeed
The Correlated CVE Vulnerability And Threat Intelligence Database API
Stars: ✭ 826 (+2017.95%)
Mutual labels:  vulnerability-scanners
Safety
Safety checks your installed dependencies for known security vulnerabilities
Stars: ✭ 982 (+2417.95%)
Mutual labels:  vulnerability-scanners
Whitewidow
SQL Vulnerability Scanner
Stars: ✭ 926 (+2274.36%)
Mutual labels:  vulnerability-scanners
Dca
Docker Certified Associate Exam Preparation Guide
Stars: ✭ 883 (+2164.1%)
Mutual labels:  registry
Initior
A command line application that let's you initialize your new projects the right way, replaces npm and yarn's init 🎆
Stars: ✭ 17 (-56.41%)
Mutual labels:  registry
Whour
Tool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.
Stars: ✭ 18 (-53.85%)
Mutual labels:  vulnerability-scanners
Envtool
Utility to check and search along environment variables. Or where Python/Cmake/Man-pages/pkg-modules/VCPKG-packages are located.
Stars: ✭ 10 (-74.36%)
Mutual labels:  registry
Horde
Horde is a distributed Supervisor and Registry backed by DeltaCrdt
Stars: ✭ 834 (+2038.46%)
Mutual labels:  registry
Search Docker Registry V2 Script.1.0
view-private-registry is a simple bash script for listing images in a private registry v2, docker search registry-v2
Stars: ✭ 34 (-12.82%)
Mutual labels:  registry
Win Lock Screen
🔒 Enable / Disable the Lock Screen for Windows 8, 8.1 & 10.
Stars: ✭ 6 (-84.62%)
Mutual labels:  registry
V3n0m Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (+2071.79%)
Mutual labels:  vulnerability-scanners
Nettacker
Automated Penetration Testing Framework
Stars: ✭ 982 (+2417.95%)
Mutual labels:  vulnerability-scanners
Go Containerregistry
Go library and CLIs for working with container registries
Stars: ✭ 974 (+2397.44%)
Mutual labels:  registry
Cve 2017 0199 Fix
Quick and dirty fix to OLE2 executing code via .hta
Stars: ✭ 14 (-64.1%)
Mutual labels:  registry
View All Similar Projects ➔

RegSLScan

A command line tool for scanning registery key permissions.

Made by Henri Aho with Microsoft Visual Studio Community Edition 2017.

Background

This tool was inspired by a recent Steam local privilege escalation issue patched in Aug 13th 2019.

The issue was caused by a background service, Steam Client Service, that on startup gave non-admins full access to HKLM\Software\Valve\Steam and it's subkeys. Users could delete one of the subkeys and then create a symbolic link with same name as the deleted subkey and link it to a restricted registery key. This would cause the Steam Client Service to grant users full access on the symbolic link' target subkey compromising system security.

This tool was created to find similiar vulnerabilities in other programs and services.

Features

This tool scans registery keys under Local Machine (HKLM) and lists out any keys non-admins have access to create symbolic links in.

With the list developers and security enthusiasts may search for similar vulnerabilities in their systems Steam had prior to Aug 13th 2019 patch. The listed results don't mean the subkeys are vulnerable; that depends on the services and programs using those keys. However, the keys are still potential candidates where one could look for security issues.

Further vulnerability testing

To test the listed keys further, you may use an event viewer such as SysInternals ProcMon to see how a service or program uses the subkeys. If you detect the subkey permissions being changed, similiar to Steam case, you can try replacing the registery key with a symbolic link using a 3rd party tool and see if the service/program is fooled to edit the target key instead. If so, you can see how that behaviour could be used to achieve privilege escalation from Steam PoC.

Usage

RegSlScan is intended to be run from a commandline console.

Commandline syntax examples:

RegSlScan.exe
RegSlScan.exe Software\Valve

If no commandline parameters are given RegSLScan scans all subkeys in Local Machine (HKLM) recursively.

If a parameter such as "Software\Valve" is given, the speficied key (under HKLM) and it's subkeys are scanned instead.

Example output

> .\RegSLScan.exe Software
Searching for keys non-admins can create symbolic links in...
Software\Blizzard Entertainment
Software\Epic Games
Software\EpicGames\Unreal Engine\4.0
Software\Microsoft\DRM
Software\Microsoft\Speech_OneCore\AudioPolicy
Software\Microsoft\Speech_OneCore\CloudPolicy\OneSettings
Software\Microsoft\Speech_OneCore\CloudSettings
Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy
...
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].