jnavarro.net

things i should not forget, and that, eventually, could interest people

RVT has RegRipper support


RegRipper support has been added to the Revealer Toolkit Shell through these commands:

  • script regripper listmodules
  • script regripper execmodule <plugin> <hivetype> <partition>
  • script regripper execallmodules <hivetype> <partition>

The last one runs RegRipper over every file that looks like a registry hive and stores the results in the output/regripper morgue folder, sorted by modification date.

Get the latest code at http://code.google.com/p/revealertoolkit/, revision 32.

RegRipper works under Linux after these steps:

  • installing the Parse::Win32Registry Perl module through CPAN
  • modifying rip.pl (see the diff at the end)
  • converting the file to Unix format with the dos2unix tool
  • installing rip.pl and the plugins folder under /usr/local/RegRipper
  • finally, a ln -s /usr/local/RegRipper/rip.pl /usr/local/bin/rip will smooth your life
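
The steps above as one shell function (an added example, not code from the original post or from the RegRipper or RVT projects). The function name install_regripper and its three arguments are assumptions, and tr -d '\r' stands in for dos2unix so that only standard tools are needed.

```shell
#!/bin/sh
# Added example: the Linux install steps from the post as one function.
# Prerequisite, run once with network access: cpan Parse::Win32Registry
# Assumption: tr -d '\r' replaces dos2unix; PREFIX contains no '|' or '&'.

# install_regripper SRC_DIR PREFIX BIN_DIR   (hypothetical helper)
#   SRC_DIR holds the unpacked rip.pl and plugins/ folder.
#   The post uses PREFIX=/usr/local/RegRipper and BIN_DIR=/usr/local/bin.
install_regripper() {
    src=$1 prefix=$2 bindir=$3
    if [ ! -f "$src/rip.pl" ] || [ ! -d "$src/plugins" ]; then
        echo "rip.pl or plugins/ not found in $src" >&2
        return 1
    fi
    mkdir -p "$prefix" "$bindir" || return 1
    cp -R "$src/plugins" "$prefix/" || return 1

    # Strip carriage returns, then apply the three changes from the diff:
    # the shebang (line 1), $plugindir (line 29) and the require (line 92).
    tr -d '\r' < "$src/rip.pl" | sed \
        -e '1s|^#!.*|#!/usr/bin/perl|' \
        -e 's|^my \$plugindir = .*|my $plugindir = "'"$prefix"'/plugins/";|' \
        -e 's|require "plugins\\\\"\.|require $plugindir.|' \
        > "$prefix/rip.pl" || return 1

    # Fail loudly if a Windows-style plugin path survived the edit.
    if grep -q 'plugins\\\\' "$prefix/rip.pl"; then
        echo "unpatched Windows plugin path left in $prefix/rip.pl" >&2
        return 1
    fi
    chmod 755 "$prefix/rip.pl" || return 1
    ln -sf "$prefix/rip.pl" "$bindir/rip"
}

# Only install when called with all three arguments.
if [ $# -eq 3 ]; then
    install_regripper "$@"
fi
```
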

These changes extend earlier proposals a bit (see http://brainstretching.blogspot.com/2008/10/linux-e-regripper.html).

1c1

< #! c:\perl\bin\perl.exe

> #!/usr/bin/perl

29c29

< my $plugindir = “plugins\\”;

> my $plugindir = “/usr/local/RegRipper/plugins/”;
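
Review bot: the new $plugindir value on line 29 hard-codes /usr/local/RegRipper/plugins/, so rip.pl only finds its plugins when it is installed at exactly that prefix. Consider deriving the directory from the script's real location (for example FindBin's $RealBin, which resolves the /usr/local/bin/rip symlink) so the install path can change without editing the source. The string is also shown here with typographic quotes, which Perl will not accept if the line is pasted as is; they need to be plain double quotes.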

92c92

<             require “plugins\\”.$plugins{$i}.”\.pl”;

>             require $plugindir.$plugins{$i}.”\.pl”;
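
Review bot: on line 92 the require now concatenates $plugindir directly with the plugin name, so it only works while $plugindir ends in a path separator; a value without the trailing slash would yield a wrong path. Either state that requirement in a comment next to the $plugindir assignment or join the parts with File::Spec->catfile. The backslash in "\.pl" is also unnecessary inside a double-quoted string and can be dropped.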


Written by dervitx

3 May 2009 at 21:30
