Created
December 6, 2021 15:06
Dump URI Handlers
' Taken from https://www.blackhat.com/presentations/bh-europe-08/McFeters-Rios-Carter/Whitepaper/bh-eu-08-mcfeters-rios-carter-WP.pdf
' Dump URL Handlers (DUH! v1). Tested on win2k and winXP; should work on other Windows versions as well.
' Enumerates all the URL handlers registered on the system, by Erik Cabetas, March 2007
'
' You should run this command once and never again! (It makes CScript the default script host.)
' cscript.exe //H:CScript
'
' Now run this command to execute the script; you can run it multiple times
' cscript.exe //Nologo DUH.vbs
'
' Change the Const delim to be some sort of delimiter; the default is tab
' Then import the output into OpenOffice or Excel for a nice data view
'
' satebackire
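' Walks every subkey of HKEY_CLASSES_ROOT and prints the ones registered as URL
' protocol handlers, i.e. the ones that carry a "URL Protocol" value.
' Output is one line per handler: <scheme> <delim> <default value> <delim> <shell\open\command>.
'
' Audit note: only the default value of shell\open\command is reported, and the
' result reflects the HKCR view of the account running the script (HKCR merges
' machine-wide and per-user class registrations).
'
' Errors are trapped inline because WshShell.RegRead raises an error when the
' requested key or value does not exist; that is how non-handlers are skipped.
On Error Resume Next
Const HKCR = &H80000000
Dim wsh
Dim comment
Dim command
Dim isHandler
Const delim = &H09
Set wsh = WScript.CreateObject("WScript.Shell")
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

' Try "/" as the subkey path first; if that call reports a non-zero return
' code, retry with the empty path.
ret = oReg.EnumKey(HKCR, "/", arrSubKeys)
If ret <> 0 Then
    ret = oReg.EnumKey(HKCR, "", arrSubKeys)
End If

If ret = 0 And IsArray(arrSubKeys) Then
    For Each subkey In arrSubKeys
        ' Err is sticky under On Error Resume Next: a successful statement does
        ' not reset it. Clear it before the probe so that a failure left over
        ' from the previous key cannot make a real handler look like a miss.
        Err.Clear
        isHandler = wsh.RegRead("HKCR\" & subkey & "\URL Protocol")
        If Err.Number = 0 Then
            ' Reset both fields so a handler with no description or no open
            ' command is reported with an empty column, not with the values
            ' read for the previous handler.
            comment = ""
            command = ""
            comment = wsh.RegRead("HKCR\" & subkey & "\")
            Err.Clear
            command = wsh.RegRead("HKCR\" & subkey & "\shell\open\command\")
            Err.Clear
            WScript.Echo subkey & Chr(delim) & comment & Chr(delim) & command
        End If
    Next
Else
    WScript.Echo "Something got messed up ret=" & ret & " err=" & Err & " " & IsArray(arrSubKeys)
    WScript.Echo "Look for the ret code in winerror.h and debug the problem yourself"
    WScript.Echo "or you can try and run it again...sometimes it does not work correctly on the first run"
End If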