Can't add REG_MULTI_SZ registry values using reg.py #1720

Open
gabrielg5 opened this issue Mar 20, 2024 · 3 comments
Labels
medium Medium priority item

Comments

@gabrielg5
Collaborator

Configuration

impacket version: 0.11.0
Python version: N/A
Target OS: Windows

There's no way to add multi string keys in the registry using the reg.py example.

According to MS documentation https://learn.microsoft.com/en-us/windows/win32/sysinfo/registry-value-types value should be

A sequence of null-terminated strings, terminated by an empty string (\0).

Here it can be seen how winreg is handling it -> https://github.com/python/cpython/blob/main/PC/winreg.c#L660

I guess we should define a syntax on how different strings will be passed to the script.

Additional context

As a side note, reading MULTI_SZ keys is omitting the separation. For example:

└─$ python reg.py <domain>/<user>@<target> query -keyName "HKCU\TEST" -v multi
Impacket v0.12.0.dev1+20240318.182010.0d2b72ae - Copyright 2023 Fortra

Password:
HKCU\TEST
        multi   REG_MULTI_SZ     line 1line 2line3
@Marshall-Hallenbeck
Contributor

Hey just noticed this from the other issue I was tagged in.
If I'm not understanding it, ignore me, but you can pass them in as a list (including data with spaces, just quote it) and parse it with argparse with the "nargs" set to "+" (or * if you want to be able to accept no data as well): https://docs.python.org/3/library/argparse.html#nargs

An example command would look like: python reg.py <domain>/<user>@<target> add -keyName <whatever> -v <whatever> -vt REG_MULTI_SZ -vd First Second 'Multi Space' Fourth

This will be a list like: ['First', 'Second', 'Multi Space', 'Fourth'] which you can then concat together with NULL strings in between and an empty string at the end (going off of the documentation that's what it wants).

@mubix
Contributor

mubix commented Mar 21, 2024

An example command would look like: python reg.py <domain>/<user>@<target> add -keyName <whatever> -v <whatever> -vt REG_MULTI_SZ -vd First Second 'Multi Space' Fourth

Really like this format. @Marshall-Hallenbeck 👍

@anadrianmanrique anadrianmanrique added the medium Medium priority item label Apr 11, 2024
@p0dalirius
Contributor

For clarity I would have used this format:

python reg.py "<domain>/<user>@<target>" add -keyName "<whatever>" -v "<whatever>" -vt "REG_MULTI_SZ" -vd "First" -vd "Second" -vd "Multi Space" -vd "Fourth"

In my opinion this would be clearer in the command line syntax. We could use the parseargs append action, and the following line:

impacket/examples/reg.py

Lines 562 to 563 in 269ce69

    add_parser.add_argument('-vd', action='store', metavar="VALUEDATA", required=False, help='Specifies the registry '
                           'value data that is to be set.', default='')

Would become:

    add_parser.add_argument('-vd', action='append', metavar="VALUEDATA", required=False, help='Specifies the registry '
                           'value data that is to be set.', default=[''])

What do you think?
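
As an added illustration (not impacket's code and not written by anyone in this thread), the sketch below accepts both `-vd` syntaxes proposed above, builds a REG_MULTI_SZ payload following the Microsoft definition quoted in the issue, and splits it back into strings the way a query would need to. The parser, the function names and the UTF-16LE encoding are assumptions of this example.

```python
import argparse


def build_parser():
    # Hypothetical stand-alone parser reusing the -vt/-vd option names from the thread.
    parser = argparse.ArgumentParser(prog="multi-sz-demo")
    parser.add_argument("-vt", default="REG_SZ", metavar="VALUETYPE")
    # nargs='+' accepts "-vd A B"; action='append' accepts "-vd A -vd B".
    # default=None on purpose: with action='append', a non-empty default list
    # is kept and command-line values are appended after it.
    parser.add_argument("-vd", action="append", nargs="+", default=None,
                        metavar="VALUEDATA")
    return parser


def collect_strings(args):
    # append + nargs='+' yields a list of lists, one per -vd occurrence.
    return [s for group in (args.vd or []) for s in group]


def encode_multi_sz(strings):
    """Null-terminated strings, terminated by an empty string.

    Assumption: UTF-16LE, as used by the Unicode registry interfaces.
    """
    for s in strings:
        # An empty or NUL-containing element would end the sequence early
        # or split into extra strings when read back.
        if s == "" or "\x00" in s:
            raise ValueError("empty or NUL-containing string: %r" % s)
    return ("".join(s + "\x00" for s in strings) + "\x00").encode("utf-16-le")


def decode_multi_sz(data):
    # Split on NUL and stop at the first empty string (the terminator),
    # so the separation between entries is preserved for display.
    out = []
    for part in data.decode("utf-16-le").split("\x00"):
        if part == "":
            break
        out.append(part)
    return out


if __name__ == "__main__":
    demo = build_parser().parse_args(
        ["-vt", "REG_MULTI_SZ", "-vd", "First", "Second", "-vd", "Multi Space"])
    blob = encode_multi_sz(collect_strings(demo))
    print(blob.hex(), decode_multi_sz(blob))
```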
