Reg1c1de: finding potential privesc avenues within the registry
Reg1c1de: Windows Registry Privesc Scanner
Reg1c1de is a tool that scans specified registry hives and reports any keys where the user has write permissions. In addition, if any registry values contain file paths with certain file extensions and those files are writeable, these are reported as well.
Overall it tries to be a straightforward tool: it attempts to open every single registry key under the specified registry hive and reports the key if it is, in fact, writeable. It then reviews every value to see whether it contains a file extension; if so, it checks whether the value actually points to a file and tries to open that file with write permissions as well (this can be disabled with the -df flag; more on flags below). The idea is to find writeable locations in the registry, or files referenced by registry values, that you can abuse for privilege escalation or whatever fun things you wish to do. *More info on what you can do with these permissions and how to abuse them is at the bottom of this page.
This admittedly lazier method is, of course, the direct opposite of wading through the output of a much more comprehensive, detail-oriented tool like AccessEnum. There is definitely nothing wrong with those tools, and they are probably the primary direction to take for a “data-driven” approach. However, when you are not a walking calculator and only a humble hacker, you are likely just trying to get some privesc on a time-boxed assessment, and the last thing you want to do is shuffle through a massive haystack for a needle that may not exist.
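The value check described above (find file paths with known extensions in a value's data, then test whether each file opens for writing), as an added Python example for auditing your own hosts; it is not Reg1c1de's code. The extension list and all function names are assumptions, and enumerating the registry values is left to the caller.

```python
import os
import re

# Assumed extension list; the page does not say which extensions the tool checks.
EXTENSIONS = ("exe", "dll", "sys", "bat", "cmd", "ps1", "vbs")

# Drive-letter path, extended lazily to the first listed extension so that
# unquoted paths with spaces, trailing arguments and ",-101" suffixes still parse.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:%s)(?![\w.])' % "|".join(EXTENSIONS),
    re.IGNORECASE,
)
ENV_RE = re.compile(r"%([^%\s]+)%")


def expand_env(data, env):
    """Expand %VAR% references (REG_EXPAND_SZ style); unknown names are kept."""
    lookup = {k.upper(): v for k, v in env.items()}
    return ENV_RE.sub(lambda m: lookup.get(m.group(1).upper(), m.group(0)), data)


def candidate_paths(data, env=os.environ):
    """Return every file path with a listed extension found in one value's data."""
    return PATH_RE.findall(expand_env(data, env))


def is_writable_file(path):
    """True if path is an existing file that opens for writing (no truncation)."""
    if not os.path.isfile(path):
        return False
    try:
        os.close(os.open(path, os.O_WRONLY))
        return True
    except OSError:
        return False


def audit_values(values, env=os.environ):
    """values: iterable of (key_path, value_name, data) from any registry reader.
    Returns (key_path, value_name, file_path) for each writable referenced file."""
    hits = []
    for key_path, name, data in values:
        for path in candidate_paths(str(data), env):
            if is_writable_file(path):
                hits.append((key_path, name, path))
    return hits
```

Any hit from `audit_values` is a file that a registry value points to and that the current account can modify, so it is a candidate for tightening the file's ACL.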