Thanks for the reply. I made progress and found the key value that will show you if the system is configured to use NTLMv2
Code:
“HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LMCompatibilityLevel”
http://technet.microsoft.com/en-us/l.../cc960646.aspx
http://atc.caltech.edu/node/402
So if the system has this key value, you can view this via:
Code:
regshell -b rpc -R "ncacn_np:192.168.1.155" -U "TESTNETWORK.local\testadmin"
Password for [TESTNETWORK.LOCAL\testadmin]:
HKEY_CLASSES_ROOT\> predef HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\> ck "SYSTEM\CurrentControlSet\Control\Lsa"
New path is: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa> list
K AccessProviders
K Audit
K Data
K GBG
K JD
K Kerberos
K MSV1_0
K Skew1
K SSO
K SspiCache
V "Authentication Packages" REG_MULTI_SZ (null)
V "Bounds" REG_BINARY 0030000000200000
V "Security Packages" REG_MULTI_SZ (null)
V "ImpersonatePrivilegeUpgradeToolHasRun" REG_DWORD 0x00000001
V "LsaPid" REG_DWORD 0x000002d0
V "SecureBoot" REG_DWORD 0x00000001
V "auditbaseobjects" REG_DWORD 0x00000000
V "crashonauditfail" REG_DWORD 0x00000000
V "disabledomaincreds" REG_DWORD 0x00000000
V "everyoneincludesanonymous" REG_DWORD 0x00000000
V "fipsalgorithmpolicy" REG_DWORD 0x00000000
V "forceguest" REG_DWORD 0x00000001
V "fullprivilegeauditing" REG_BINARY 00
V "limitblankpassworduse" REG_DWORD 0x00000001
V "lmcompatibilitylevel" REG_DWORD 0x00000000
V "nodefaultadminowner" REG_DWORD 0x00000001
V "nolmhash" REG_DWORD 0x00000000
V "restrictanonymous" REG_DWORD 0x00000000
V "restrictanonymoussam" REG_DWORD 0x00000001
V "Notification Packages" REG_MULTI_SZ (null)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa> print "lmcompatibilitylevel"
REG_DWORD
0x00000000
Now my question is, how can I print this in a oneliner? I have tried:
Code:
regshell -b rpc -R "ncacn_np:192.168.0.155" -U "TESTNETWORK.local\testadmin" -c "predef HKEY_LOCAL_MACHINE;ck SYSTEM\CurrentControlSet\Control\Lsa; print "lmcompatibilitylevel" "
but to no evail. Any ideas?? Is there a perl module for querying and checking registry entries?