live smb regdump command

What it does

Dumps and parses the registry remotely over SMB. Connection is set up using the current user's context. registry hive files will be deleted after command finishes (best effort)

Remarks

None

Requirements

A user context that has admin rights to the remote machine
Remote registry service available
The same user can read the resulting hive files

Subcommands

None

Switches

host: Target hostname or IP.
url: SMB connection URL. Please consult the Connection URL section
--json : Output results in JSON format
-o or --outfile : Writes the secrets to the specified file

Examples

pypykatz live smb regdump win2019ad.test.corp: Dumps and parses the registry and prints the results to console.

Home

Wiki

Live commands

lsa
kerberos
- currentluid
- roast
- tgt
- apreq
- purge
- sessions
- dump
- triage
smbapi
- share
- session
- localgroup
users
token
process
dpapi
- keys
- vpol
- vcred
- cred
- blob
- blobfile
- securestring
- securestringfile
- wifi
smb
- client
- shareenum
- lsassdump
- regdump
- dcsync
- secretsdump
ldap
- client

Platform-independent commands

lsa
- minidump
registry
crypto
- nt
- lm
- dcc
- dcc2
- gppass
kerberos
- tgt
- tgs
- brute
- asreproast
- spnroast (aka. kerberoast)
- s4u
- keytab
- kirbi
- ccache
  - list
  - del
  - roast
  - loadkirbi
  - exportkirbi
dpapi
- prekey
- minidump
- masterkey
- blob
- securestring
- credential
- vpol
- vcred
smb
- client
- lsassfile
- lsassdump
- regfile
- regdump
- dcsync
- secretsdump
- shareenum
ldap
- client

ConnectionURL

ConnectionURL

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

live smb regdump command

What it does

Remarks

Requirements

Subcommands

Switches

Examples

Home

Live commands

Platform-independent commands

ConnectionURL

Clone this wiki locally