This module reads or writes a Windows registry security descriptor remotely.
In READ mode, the FILE option can be set to specify where the security descriptor should be written to.
The following format is used:
key: <registry key>
security_info: <security information>
sd: <security descriptor as a hex string>
In WRITE mode, the FILE option can be used to specify the information needed to write the security descriptor to the remote registry. The file must follow the same format as described above.
:warning: Important :warning:
DO NOT MERGE YET.
This module is based on this branch and will need this PR landed first. This PR only adds two files:
Verification Steps
use auxiliary/admin/registry_security_descriptor
run verbose=true rhost=<host> smbuser=<username> smbpass=<password> key=<registry key>
run verbose=true rhost=<host> smbuser=<username> smbpass=<password> key=<registry key> file=<file path>
run verbose=true rhost=<host> smbuser=<username> smbpass=<password> key=<registry key> action=write sd=<security descriptor as a hex string>
run verbose=true rhost=<host> smbuser=<username> smbpass=<password> file=<file path>
Scenarios
Read against Windows Server 2019
Write against Windows Server 2019
Note that the security information has been set to 4 (DACL_SECURITY_INFORMATION) to avoid an access denied error.
Write against Windows Server 2019 (from file)
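The FILE format described above (key, security_info, sd) can be sanity-checked before a saved descriptor is written back. The following is an added example, not code from this PR or the module: it parses the three fields and decodes the self-relative security descriptor header (MS-DTYP 2.4.6). The method names, the sample key, and the assumption that security_info is stored as an integer are hypothetical.

```ruby
# Added example; method and constant names are hypothetical, not the module's code.
SECURITY_INFO = { 0x1 => 'OWNER', 0x2 => 'GROUP', 0x4 => 'DACL', 0x8 => 'SACL' }.freeze
SE_DACL_PRESENT = 0x0004
SE_SELF_RELATIVE = 0x8000

# Parse the three "name: value" lines of the FILE format into a hash.
def parse_sd_file(text)
  fields = text.each_line.map(&:strip).reject(&:empty?).to_h do |line|
    name, value = line.split(':', 2)
    raise ArgumentError, "malformed line: #{line}" if value.nil?
    [name.strip, value.strip]
  end
  missing = %w[key security_info sd] - fields.keys
  raise ArgumentError, "missing fields: #{missing.join(', ')}" unless missing.empty?
  raise ArgumentError, 'sd is not an even-length hex string' unless fields['sd'].match?(/\A(\h\h)+\z/)
  fields
end

# Decode the 20-byte self-relative SECURITY_DESCRIPTOR header and flag
# mismatches between security_info and what the blob actually carries.
def inspect_sd(fields)
  raw = [fields['sd']].pack('H*')
  raise ArgumentError, 'descriptor shorter than its 20-byte header' if raw.bytesize < 20
  revision, _sbz1, control, owner, group, sacl, dacl = raw.unpack('CCvVVVV')
  info = Integer(fields['security_info']) # assumption: stored as an integer
  offsets = { 'OWNER' => owner, 'GROUP' => group, 'SACL' => sacl, 'DACL' => dacl }
  warnings = []
  warnings << "unexpected revision #{revision}" unless revision == 1
  warnings << 'not self-relative' if (control & SE_SELF_RELATIVE).zero?
  SECURITY_INFO.each do |bit, name|
    next if (info & bit).zero?
    warnings << "#{name} requested but absent" if offsets[name].zero?
    warnings << "#{name} offset past end of blob" if offsets[name] >= raw.bytesize
  end
  warnings << 'DACL requested but SE_DACL_PRESENT clear' if (info & 0x4) != 0 && (control & SE_DACL_PRESENT).zero?
  { key: fields['key'], parts: SECURITY_INFO.select { |b, _| (info & b) != 0 }.values,
    control: control, warnings: warnings }
end

# Constructed sample: header plus an empty ACL at offset 20, DACL only (security_info 4).
SAMPLE_SD = ([1, 0, 0x8004, 0, 0, 0, 20].pack('CCvVVVV') + [2, 0, 8, 0, 0].pack('CCvvv')).unpack1('H*')
SAMPLE_FILE = "key: HKLM\\SOFTWARE\\Example\nsecurity_info: 4\nsd: #{SAMPLE_SD}\n"
```

A non-empty `warnings` list means the file's security_info names a part (owner, group, DACL, SACL) that the hex blob does not contain or points outside of.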