RegRipper

Description

The Registry Ripper, or RegRipper, is an open-source application for extracting, correlating, and displaying information from Windows NT registry hive files.

Platform: Perl
Author: H. Carvey
License: GPLv3
URL: https://github.com/warewolf/regripper

Usage

Rip 2.8_20130801 - CLI RegRipper tool
Rip [-r Reg hive file] [-f plugin file] [-p plugin module] [-l] [-h]
Parse Windows Registry files, using either a single module, or a plugins file.
  -r Reg hive file...Registry hive file to parse
  -g ................Guess the hive file (experimental)
  -f [profile].......use the plugin file (default: plugins\plugins)
  -p plugin module...use only this module
  -l ................list all plugins
  -c ................Output list in CSV format (use with -l)
  -s system name.....Server name (TLN support)
  -u username........User name (TLN support)
  -h.................Help (print this information)

Ex: C:\>rip -r c:\case\system -f system
    C:\>rip -r c:\case\ntuser.dat -p userassist
    C:\>rip -l -c
All output goes to STDOUT; use redirection (ie, > or >>) to output to a file.

copyright 2013 Quantum Analytics Research, LLC

Examples

rip.pl -r SAM -f sam > /cases/sam.txt

rip.pl -r SYSTEM -f system > /cases/system.txt

Blog Posts

strdeob.pl

Description

This script attempts to print the stack strings it discovers in the provided executable. The formatting isn't the best, but it gets the job done.

Platform: Linux
Author: TotalHash
License: Free
URL: https://github.com/REMnux/distro/blob/master/files/strdeob.pl

Usage

Usage: strdeob.pl <file>

Examples

strdeob.pl file.exe

In this example, strdeob.pl outputs what it believes are stack strings from file.exe.

remnux@remnux:~/malware/day5$ strdeob.pl 9.exe
user32.dll\Program Files\Common Files\WinSta0\DefaultTLSrundll32.exeimm32.dllImmInstallIMEAimm32.dllImmGetIMEFileNameAdragonnest.exednlauncher.exexcb.datKernel32.dllLoadLibraryExWimeutil.exesgtool.exedragonnest.exednlauncher.exeqqlogin.exeiexplore.exexcb.dat\Program Files\Common Files\\Program Files\Common Files\dragonnest.exexcb.datKernel32.dllLoadLibraryExWV
...0+%|w?t=%s&a=%s&s=%s&sp=%s&r=%s&tn=%d&mb=%s&bsmb=%d&pin=%s&pin2=%s&cap=%d&hsn=%s&GA=%sdelphi.}.YWININET.dllInternetWriteFileHttpOpenRequestAHttpSendRequestExAHttpEndRequestAInternetConnectA?action=testlock&u=%s?action=breakline&u=%s?action=exception&u=%s?action=destroy&u=%s?action=frozen&u=%s?action=getproc&u=%s?action=playerlogin&u=%s
ws2_32.dllrecvrecvfromIphlpapi.dllGetAdaptersInfo8ui1qw31adSoftware\Nexon\CStrike-Online\SettingsRegionCodeexplorer.exerundll32.execonfig.exesogou360safe.exe360tray.exeexplorer.exe..YU..6..2.EZ.~..c

Blog Posts