Skip to content

live registry

skelsec edited this page Aug 16, 2019 · 1 revision

What it does

Obtains the credentials / secrets / other info from live registry

Remarks

First the script will try to get access to the registy on-the-fly. This is only possible if the script manages to get SYSTEM access. In case this method fails, it will use SE_BACKUP as admin to dump the registry hives to files, and use the offline registry parser to obtain the secrets.

Requirements

Administrative privileges, OR a user account that has SE_DEBUG enabled OR a user that has SE_BACKUP privileges enabled.

Subcommands

None

Switches

  • --json : Switches the output to JSON format, both in STDOUT and in FILE output modes
  • -o: Write results to file, instead of printing it to STDOUT

Examples

  • pypykatz live registry: Prints all credentials to STDOUT
  • pypykatz live registry --json: Prints all credentials to STDOUT in JSON format
  • pypykatz live registry -o <output_file>: Writes all credentials to <output_file>
  • pypykatz live registry -o <output_file> --json: Writes all credentials to <output_file> in JSON format.

Home

Live commands

Platform-independent commands

ConnectionString

Clone this wiki locally
You can’t perform that action at this time.