1
00:00:00,900 --> 00:00:06,720
So I think in this we will be seeing another technique that is related to permissions, so there is a registry

2
00:00:06,720 --> 00:00:17,460
service running on and it has the permissions that anyone can override the values of the registry service.

3
00:00:17,950 --> 00:00:23,700
So, OK, here, the house that created the registry service and now that it runs through the system.

4
00:00:24,390 --> 00:00:26,820
So first we need to find the registry service running.

5
00:00:27,330 --> 00:00:32,840
So let's go ahead and open this box so you get normally the reverse shell.

6
00:00:33,000 --> 00:00:39,150
What you can do is you can use sc query and this gives you all the services running.

7
00:00:39,420 --> 00:00:43,780
And then what you need to do is you need to go through this using findstr.

8
00:00:44,130 --> 00:00:47,030
So this finished here in your case.

9
00:00:47,280 --> 00:00:48,510
So then watch the list.

10
00:00:48,510 --> 00:00:49,530
You can take the read.

11
00:00:49,740 --> 00:00:54,510
So this should give you the answer is containing the words red.

12
00:00:54,870 --> 00:00:55,950
So now hit enter.

13
00:01:05,320 --> 00:01:08,780
So that's first there should be a remote registry service.

14
00:01:18,050 --> 00:01:18,490
There.

15
00:01:19,010 --> 00:01:25,640
So what we need to do is first, let's use our diplomacy service.

16
00:01:28,680 --> 00:01:34,170
It is to brief so district, you are the services in a brief view.

17
00:01:41,510 --> 00:01:48,180
OK, it is a sequel to Did Not Work, now you can see it with the video machine we have on the registry

18
00:01:48,200 --> 00:01:48,700
service.

19
00:01:49,160 --> 00:01:52,280
So this is the remote registry service running on.

20
00:01:53,330 --> 00:02:01,430
Now, what you need to do is you can query this registry service using the sc query for the full details.

21
00:02:02,090 --> 00:02:09,860
Now, as we see so now you can see the type is Win32 process and the binary path name.

22
00:02:09,860 --> 00:02:17,630
So all you can see here, I see program person security service and the bundling them and you can see

23
00:02:17,630 --> 00:02:20,000
it is running as a system user.

24
00:02:20,330 --> 00:02:27,530
So that means you need to manipulate this one to get the root access or the system access.

25
00:02:28,280 --> 00:02:37,490
So what you can do is first we need to find out where this registry service is located in the registry,

26
00:02:37,490 --> 00:02:44,540
Ed, are to consider windows so they have a directory we can see here.

27
00:02:44,690 --> 00:02:49,190
It's HKEY local machine, system, current control set, services, in their services.

28
00:02:49,460 --> 00:02:52,850
We have all the services running on in that registry services.

29
00:02:53,360 --> 00:02:56,140
So now let's try and query the registry.

30
00:02:56,540 --> 00:02:57,800
So this is very simple.

31
00:02:57,800 --> 00:03:05,360
One registry query and then you need to see if in the future you need to query that.

32
00:03:05,360 --> 00:03:09,100
Is it your local machine and then you need to put the pressure.

33
00:03:09,740 --> 00:03:12,900
So this sort of such a sort of pattern.

34
00:03:13,340 --> 00:03:19,970
Now let's start registry start up and then we have the name, right.

35
00:03:19,970 --> 00:03:27,650
Exergen average SBC Registry and slash, uh, so certainties.

36
00:03:28,600 --> 00:03:34,830
So you can see Jérome just for so much fun.

37
00:03:34,850 --> 00:03:37,120
OK, so that's it.

38
00:03:37,370 --> 00:03:37,840
I don't know.

39
00:03:37,850 --> 00:03:46,970
I do think Gromit's just so one way you can find is you can Google for this part services in registry.

40
00:03:46,970 --> 00:03:55,700
Ed, now you can see here Google, Microsoft Docs look and see in the HKEY local machine, system,

41
00:03:55,700 --> 00:03:57,200
current control set, services.

42
00:03:57,590 --> 00:04:01,010
So let's go and query that one.

43
00:04:04,550 --> 00:04:07,040
And what we're going to quarry's it Gerome.

44
00:04:20,940 --> 00:04:25,590
I think there are some spaces, so small spaces, services.

45
00:04:43,090 --> 00:04:49,210
So in that what we're going to do is we want to get all the values so we for values and put the star

46
00:04:49,210 --> 00:04:50,350
to get all the values.

47
00:04:54,360 --> 00:04:56,740
So it's pretty weird.

48
00:04:59,090 --> 00:05:01,820
So current control set, services.

49
00:05:05,090 --> 00:05:07,820
I think all that's.

50
00:05:09,720 --> 00:05:16,410
Discovered this one, I think, uh, the case to, uh, we are getting the problem.

51
00:05:22,190 --> 00:05:23,540
So in disservices.

52
00:05:28,110 --> 00:05:33,480
So there are different messages, so can know what you can do.

53
00:05:34,110 --> 00:05:40,110
You can search for a receipt and then you can query for the values.

54
00:05:42,240 --> 00:05:51,920
Now you can see the actual values for this key: type and start, image

55
00:05:51,930 --> 00:05:56,040
path, so this is the image path of the service that is running.

56
00:05:56,040 --> 00:05:59,520
The executable at this path is being run.

57
00:06:00,600 --> 00:06:07,530
So you can know what we need to do is we need to modify this one and we modify this one and point to

58
00:06:07,530 --> 00:06:09,140
our reverse shell.

59
00:06:09,360 --> 00:06:17,010
So let's generate our I have already generated using them so we can see when those shadows disappear

60
00:06:17,190 --> 00:06:25,760
and put your IP address and port and lightly, you need to put this one and you can just say for

61
00:06:25,940 --> 00:06:26,190
to.

62
00:06:38,840 --> 00:06:46,580
So you need to transfer the money to your Windows box so you can use the power for this.

63
00:07:07,750 --> 00:07:08,800
So now hit enter.

64
00:07:11,710 --> 00:07:13,350
And here you sure?

65
00:07:16,280 --> 00:07:17,240
See the request?

66
00:07:22,370 --> 00:07:24,740
So let's go and listen on this one, two, three, four.

67
00:07:26,390 --> 00:07:30,320
So now what we're going to do is we are going to modify the value of this image

68
00:07:30,320 --> 00:07:38,840
path, uh, to this, uh, our request for the SO to modify it, you can use the registry to command.

69
00:07:40,940 --> 00:07:42,650
So let me copy this.

70
00:07:45,600 --> 00:07:49,140
So the value is going to be this image path.

71
00:07:53,490 --> 00:08:00,480
So there is no common language to modify it, so there is only three are common if there is already

72
00:08:00,480 --> 00:08:01,850
a value presented.

73
00:08:02,490 --> 00:08:15,290
All right, the value slash so you can see here are image path and type of the, uh, this image path is

74
00:08:15,310 --> 00:08:16,660
REG_EXPAND_SZ.

75
00:08:16,950 --> 00:08:23,700
So that means this is a data type for the registry which holds the file path.

76
00:08:24,150 --> 00:08:25,210
So this is the file.

77
00:08:25,440 --> 00:08:28,620
So that's why we should specify this registry.

78
00:08:29,550 --> 00:08:29,900
OK.

79
00:08:40,440 --> 00:08:42,600
So Difford actually.

80
00:08:57,050 --> 00:09:04,810
And are don't ask for the prom desk, all right, forcefully so I think we are good to go.

81
00:09:07,600 --> 00:09:09,370
Yes, we are good to go now.

82
00:09:09,390 --> 00:09:10,030
Hit enter.

83
00:09:17,590 --> 00:09:22,090
Now, let's go to you further, our values in the registry as we see.

84
00:09:23,800 --> 00:09:29,800
Now you can see the image path is pointing to the privacy rights issue for OK.

85
00:09:29,830 --> 00:09:32,920
I don't know on what boat, how.

86
00:09:37,630 --> 00:09:41,650
Compare that image of a common.

87
00:09:52,870 --> 00:09:54,340
So let's move on.

88
00:10:01,930 --> 00:10:08,290
So let's return to polls, I commonly use them for the reversions, one, two, three, four.

89
00:10:08,680 --> 00:10:12,490
So let's we need to start this service again and start.

90
00:10:20,940 --> 00:10:23,760
And you can see what the NRA wanted for.

91
00:10:26,290 --> 00:10:33,730
So you can definitely try to add this image path, and if you get a read, then it seems that you do

92
00:10:33,730 --> 00:10:38,080
not have sufficient permissions so you can also check using that access to dirty.

93
00:10:38,690 --> 00:10:46,410
OK, so the same syntax for other service permissions here.

94
00:10:46,420 --> 00:10:46,920
What do you need?

95
00:10:46,930 --> 00:10:49,420
The changes you need to pay for care for the key.

96
00:10:49,450 --> 00:10:51,110
So this is tricky.

97
00:10:52,090 --> 00:10:53,110
So this.

98
00:11:00,230 --> 00:11:01,280
So access to.

99
00:11:10,140 --> 00:11:19,900
So now you can see in with users, so every user that has some real access to the command prompt, like

100
00:11:19,920 --> 00:11:22,110
a regular user, not an invalid user.

101
00:11:22,350 --> 00:11:27,710
So those are the interactive users are logged our users that can log into the system.

102
00:11:28,170 --> 00:11:33,600
We have the all access so we can manipulate these values.