live registry

skelsec edited this page Aug 16, 2019 · 1 revision

What it does

Obtains credentials, secrets and other information from the live registry.


First, the script tries to access the registry on-the-fly. This is only possible if the script manages to get SYSTEM access. If this method fails, it uses SE_BACKUP as admin to dump the registry hives to files, then uses the offline registry parser to obtain the secrets.


Requires administrative privileges, OR a user account that has SE_DEBUG enabled, OR a user that has SE_BACKUP privileges enabled.
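
From the defender's side, the accounts that satisfy these prerequisites can be monitored. The following added example (not part of pypykatz or this wiki) scans Windows Security event 4672 records for logons that hold SeDebugPrivilege or SeBackupPrivilege, the Windows names of SE_DEBUG and SE_BACKUP. The sample records, the allowlist and the function name are constructed for illustration.

```python
# Added example (not pypykatz code): flag logons that hold the privileges
# named in the prerequisites, using Windows Security event 4672 records.

# Windows privilege names behind the page's SE_DEBUG / SE_BACKUP.
WATCHED = {"SeDebugPrivilege", "SeBackupPrivilege"}

# Assumption: SIDs expected to hold these privileges on the monitored host.
# S-1-5-18 is the well-known SID of LocalSystem.
ALLOWED_SIDS = {"S-1-5-18"}

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed

# Constructed sample records shaped like exported 4672 events
# ("Special privileges assigned to new logon"); PrivilegeList is
# whitespace-separated, as in the real event data.
SAMPLE_EVENTS = [
    {"EventID": 4672, "SubjectUserSid": "S-1-5-18",
     "SubjectDomainName": "NT AUTHORITY", "SubjectUserName": "SYSTEM",
     "PrivilegeList": "SeDebugPrivilege\n\t\t\tSeBackupPrivilege"},
    {"EventID": 4672, "SubjectUserSid": DOMAIN_SID + "-1105",
     "SubjectDomainName": "CORP", "SubjectUserName": "backupsvc",
     "PrivilegeList": "SeBackupPrivilege\n\t\t\tSeRestorePrivilege"},
    {"EventID": 4672, "SubjectUserSid": DOMAIN_SID + "-1120",
     "SubjectDomainName": "CORP", "SubjectUserName": "auditor",
     "PrivilegeList": "SeSecurityPrivilege"},
    {"EventID": 4624, "SubjectUserSid": DOMAIN_SID + "-1131",
     "SubjectDomainName": "CORP", "SubjectUserName": "helpdesk01"},
    {"EventID": 4672, "SubjectUserSid": DOMAIN_SID + "-1131",
     "SubjectDomainName": "CORP", "SubjectUserName": "helpdesk01",
     "PrivilegeList": "SeSecurityPrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeBackupPrivilege"},
]

def flag_privileged_logons(events, allowed_sids=ALLOWED_SIDS):
    """Return one finding per 4672 event whose account is not allowlisted
    and whose privilege list includes a watched privilege."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4672 or ev.get("SubjectUserSid") in allowed_sids:
            continue
        held = WATCHED & set(ev.get("PrivilegeList", "").split())
        if held:
            account = f'{ev["SubjectDomainName"]}\\{ev["SubjectUserName"]}'
            findings.append({"account": account, "sid": ev["SubjectUserSid"],
                             "privileges": sorted(held)})
    return findings

if __name__ == "__main__":
    for finding in flag_privileged_logons(SAMPLE_EVENTS):
        print(finding)
```

Event 4672 is only recorded when logon auditing for special privileges is enabled, so an empty result on a real host should be checked against the audit policy first.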




  • --json: Switches the output to JSON format, in both STDOUT and FILE output modes
  • -o: Writes results to a file instead of printing them to STDOUT


  • pypykatz live registry: Prints all credentials to STDOUT
  • pypykatz live registry --json: Prints all credentials to STDOUT in JSON format
  • pypykatz live registry -o <output_file>: Writes all credentials to <output_file>
  • pypykatz live registry -o <output_file> --json: Writes all credentials to <output_file> in JSON format.

