live smb regdump command
skelsec edited this page Apr 14, 2021 · 1 revision
Dumps and parses the registry remotely over SMB. The connection is set up using the current user's context. Registry hive files will be deleted after the command finishes (best effort).
None
- A user context that has admin rights to the remote machine
- Remote registry service available
- The same user can read the resulting hive files
None
- `host`: Target hostname or IP.
- `url`: SMB connection URL. Please consult the Connection URL section.
- `--json`: Output results in JSON format.
- `-o` or `--outfile`: Writes the secrets to the specified file.
- `pypykatz live smb regdump win2019ad.test.corp`: Dumps and parses the registry and prints the results to console.
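
The behaviour described above (remote registry access, then the hive files being read back and deleted over SMB) leaves a correlatable trail in share-access auditing on the target. The following detection sketch is an added example, not pypykatz code. It assumes events already normalized from Windows Security event 5145 into a hypothetical record schema; the sample events and file names are constructed, since this page does not state where the hive files are written.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed correlation window

def ev(ts, user, src, share, target, access):
    """Build one normalized share-access record (hypothetical schema)."""
    return {"time": datetime.fromisoformat(ts), "user": user, "src": src,
            "share": share.upper(), "target": target.lower(), "access": access}

# Constructed sample events, not real logs. File names are placeholders.
SAMPLE = [
    ev("2021-04-14T10:00:01", "CORP\\backupsvc", "10.0.0.7", r"\\*\C$", r"reports\q1.xlsx", "READ"),
    ev("2021-04-14T10:00:09", "CORP\\backupsvc", "10.0.0.7", r"\\*\C$", r"reports\q1.xlsx", "DELETE"),
    ev("2021-04-14T10:01:00", "CORP\\helpdesk", "10.0.0.20", r"\\*\IPC$", "winreg", "READ"),
    ev("2021-04-14T10:02:10", "CORP\\adm1", "10.0.0.50", r"\\*\IPC$", "winreg", "READ"),
    ev("2021-04-14T10:02:15", "CORP\\adm1", "10.0.0.50", r"\\*\ADMIN$", r"temp\a1b2c3.tmp", "READ"),
    ev("2021-04-14T10:02:20", "CORP\\adm1", "10.0.0.50", r"\\*\ADMIN$", r"temp\a1b2c3.tmp", "DELETE"),
]

def find_remote_hive_dumps(events, window=WINDOW):
    """Return (user, src, file) where a winreg pipe access is followed, within
    the window and from the same user and source, by a read and a delete of
    one file on a non-IPC$ share."""
    findings = []
    events = sorted(events, key=lambda e: e["time"])
    for i, start in enumerate(events):
        if not (start["share"].endswith("IPC$") and start["target"] == "winreg"):
            continue
        seen = {}  # (share, file) -> set of access types observed
        for later in events[i + 1:]:
            if later["time"] - start["time"] > window:
                break
            if (later["user"], later["src"]) != (start["user"], start["src"]):
                continue
            if later["share"].endswith("IPC$"):
                continue
            key = (later["share"], later["target"])
            seen.setdefault(key, set()).add(later["access"])
            hit = (start["user"], start["src"], later["target"])
            if {"READ", "DELETE"} <= seen[key] and hit not in findings:
                findings.append(hit)
    return findings

if __name__ == "__main__":
    for user, src, path in find_remote_hive_dumps(SAMPLE):
        print(f"possible remote hive dump: {user} from {src} read+deleted {path}")
```

Remote registry access alone (the helpdesk record) and a plain read-then-delete (the backupsvc records) are not flagged; only the combination from one user and source is.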