smb regfile command

skelsec edited this page Apr 13, 2021 · 1 revision

What it does

Parses registry hive files remotely over SMB.

Remarks

Please note that you must provide at least the SYSTEM hive file. On its own that will not get you far (it yields only the bootkey), but it is the bare minimum. The more hive files you provide, the more credentials you will get.

Requirements

  • A working SMB connection URL that can access the registry hive files

Subcommands

None

Switches

  • url: SMB connection URL whose path points to the folder in which the hive files are located. Please consult the Connection URL section
  • system: The file name of the SYSTEM registry hive file
  • --json: Output results in JSON format
  • -o: Write output to a file
  • --sam: The file name of the SAM registry hive file
  • --security: The file name of the SECURITY registry hive file
  • --software: The file name of the SOFTWARE registry hive file

Examples

  • pypykatz smb regfile 'smb2+ntlm-password://TEST\Administrator:QLFbT8zkiFGlJuf0B3Qq@10.10.10.102/C$/Users/victim/Desktop/' SYSTEM.reg --sam SAM.reg --security SECURITY.reg: Dumps and parses the specified registry hives and prints the secrets to the console