-
Notifications
You must be signed in to change notification settings - Fork 384
smb regdump command
skelsec edited this page Apr 13, 2021
·
1 revision
Dumps and parses the registry remotely over SMB. registry hive files will be deleted after command finishes (best effort)
None
- A working SMB connection URL with a user that has admin right to the remote machine
- Remote registry service available
- The same user can read the resulting hive files
None
-
url: SMB connection URL. Please consult theConnection URLsection -
--json: Output results in JSON format -
-oor--outfile: Writes the secrets to the specified file
-
pypykatz smb regdump 'smb2+ntlm-password://TEST\Administrator:[email protected]': Dumps and parses the registry and prints the results to console.