You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Basic Scripting » Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
Register User       Forum List       Calendar       FAQ
Page 1 of 1 1
Topic Options
#20993 - 2002-05-01 05:07 PM Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
Rocco Capra Offline
Hey THIS is FUN
*****

Registered: 2002-04-01
Posts: 380
Loc: Mansfield Ohio
I did a search and could not find an answer to my problem. Can anyone tell me if the HKEY_CURRENT_USER regkey can be edited remotely (NT environment)?

code:
$FL = "test2.txt"
$RC = Open(1,$FL)
$COMP = ReadLine(1)
$RC = DelValue ($COMP + "\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","AIM")
The @serror I get is, in short, File not found.

Thanks,
Rocco
_________________________
I Love this board!! -------------------- My DEV PC is running KIX 4.22 WINXP Pro

Top
#20994 - 2002-05-01 05:12 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
BrianTX Offline
Korg Regular

Registered: 2002-04-01
Posts: 895
I believe it's possible. You might try looking into regini.exe in the ntreskit..

Brian
Top
#20995 - 2002-05-01 05:14 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
BrianTX Offline
Korg Regular

Registered: 2002-04-01
Posts: 895
On second thought.. the REG.exe might be what you want... just depends what you want to do.

Brian
Top
#20996 - 2002-05-01 05:46 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
You cannot hack HKCU remotely. It is smoke-and-mirrors. Spark up Regedit and connect to another computer. WYSIWYG.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#20997 - 2002-05-01 05:59 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
BrianTX Offline
Korg Regular

Registered: 2002-04-01
Posts: 895
You're right.. I tried using reg.exe and it tells me the only things you can edit are HKLM or HKU. Same thing with regedit.

There may be a way around it.. like some sort of registry export, copy, import.

Brian
Top
#20998 - 2002-05-01 06:04 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
If you get the user's SID, you can go through HKU\@SID...
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#20999 - 2002-05-02 06:07 AM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
mcmunt Offline
Lurker

Registered: 2002-05-02
Posts: 2
Just did this yesterday, took a while but we got there. [Big Grin]
As long as you know the user ID then you can use psgetsid.exe to evaluate the SID and as already mentioned put it in:
$rc = WriteValue("\\$machine\HKEY_USERS\$userSid\Software\.."
You'll have to parse the output from psgetsid.exe to get just the SID but it's pretty straight forward.

Mike

[ 02 May 2002, 06:09: Message edited by: mcmunt ]
Top
#21000 - 2002-05-02 02:29 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
Rocco Capra Offline
Hey THIS is FUN
*****

Registered: 2002-04-01
Posts: 380
Loc: Mansfield Ohio
Thanks Mike I'll take a lok at that.

Rocco
_________________________
I Love this board!! -------------------- My DEV PC is running KIX 4.22 WINXP Pro

Top
#21001 - 2002-05-02 03:26 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Hmmm... I think maybe the SID could be had without a third party util... maybe with ADSI?

Has anyone pulled a user SID with ADSI? If so is it in the same format as the SID in the reg under HKU?

Thought I'd ask before I start tearing through the protperties and methods...

{edit}
Moved this question to the COM forum
Get SID

[ 02 May 2002, 20:01: Message edited by: LLigetfa ]
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#21002 - 2002-05-04 04:34 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
I put together GetSID() - Returns SID and converts it to string format so that you won't have to use a third party util and parse through what it returns.

You will, of course, have to use KiX 4 and have ADSI. You do not however, have to be using AD.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#21003 - 2002-05-13 03:55 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
Rocco Capra Offline
Hey THIS is FUN
*****

Registered: 2002-04-01
Posts: 380
Loc: Mansfield Ohio
another "?"...

Is it possible to edit the HKEY_CURRENT_USER key at login with the login script?

This would be simpler for me.
_________________________
I Love this board!! -------------------- My DEV PC is running KIX 4.22 WINXP Pro

Top
#21004 - 2002-05-13 04:01 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
Chris S. Offline
MM club member
*****

Registered: 2002-03-18
Posts: 2368
Loc: Earth
I've made changes in the HKCU key during logon. Seems to work. The user shouldn't even need admin rights on the box to make changes to it.
Top
#21005 - 2002-05-13 04:03 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
See the FAQ: http://81.17.37.55/board/ultimatebb.php?ubb=get_topic;f=10;t=000043 and especially the ScriptLogic TekNote article
_________________________
There are two types of vessels, submarines and targets.

Top
#21006 - 2002-05-13 05:01 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
As Jens mentioned, The TekNote explains the sequence. Provided you stay within the constraints and perms aren't in your way, then it is possible. Be advised that policies may still override what you hack in the reg. RunOnce may be your friend.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#21007 - 2002-05-13 05:29 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
Rocco Capra Offline
Hey THIS is FUN
*****

Registered: 2002-04-01
Posts: 380
Loc: Mansfield Ohio
Thanks to all...

I will be sure to read the tech note!!

Time for testing...
I may be back with "?'s" as testing developes.

Again, Thanks,
Rocco
_________________________
I Love this board!! -------------------- My DEV PC is running KIX 4.22 WINXP Pro

Top
#21008 - 2002-05-13 06:21 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
Vig Offline
Starting to like KiXtart

Registered: 2001-11-14
Posts: 166
Loc: Saudi Arabia
In the unlikely event the user is not logged on, you can do a load hive under HKEY_USERS and select the "\\computer\c$\documents and settings\user\ntuser.dat".

This allows you to edit the users HKEY_CURRENT_USER but like I said it's only possible if the user is logged off.
Top
#21009 - 2002-05-16 08:58 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
Beelzel Offline
Fresh Scripter

Registered: 2002-03-08
Posts: 46
Loc: DC Metro area
There is a more than excellent program out there ... RegBatch - created by bulentozkir@hotmail ... it allows me to pound out reg changes to my 600+ users ... including current user settings (screen savers et al)

If you want more info just ask ... beelzel@lycos.com regbatch download
_________________________
If not for the last minute ... nothing would get done ...

Top
#21010 - 2002-05-17 02:07 PM Re: Hacking...er...Editing - HKEY_CURRENT_USER (remotely)...
Rocco Capra Offline
Hey THIS is FUN
*****

Registered: 2002-04-01
Posts: 380
Loc: Mansfield Ohio
Beelzel,

That download link don't work.

I found it here though...

http://download.com.com/3120-20-0.html?qt=regbatch&tg=dl-2001&search=+Go%21+

Rocco

[ 17 May 2002, 14:39: Message edited by: Rocco Capra ]
_________________________
I Love this board!! -------------------- My DEV PC is running KIX 4.22 WINXP Pro

Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 1183 anonymous users online.
details
Newest Members
batdk82, StuTheCoder, M_Moore, BeeEm, min_seow
17885 Registered Users
My Cookies · Mark all read Powered by UBB.threads™ Contact Us · KiXtart.org website · Top

Generated in 0.199 seconds in which 0.132 seconds were spent on a total of 12 queries. Zlib compression enabled.
Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org