live registry
skelsec edited this page Aug 16, 2019 · 1 revision
Obtains credentials, secrets and other information from the live registry.
The script first tries to access the registry on the fly, which is only possible if it manages to get SYSTEM access. If that method fails, it uses SE_BACKUP as admin to dump the registry hives to files, and then uses the offline registry parser to obtain the secrets.
Administrative privileges, OR a user account that has SE_DEBUG enabled OR a user that has SE_BACKUP privileges enabled.
None
- `--json`: Switches the output to JSON format, both in STDOUT and in FILE output modes
- `-o`: Write results to file, instead of printing it to STDOUT
- `pypykatz live registry`: Prints all credentials to STDOUT
- `pypykatz live registry --json`: Prints all credentials to STDOUT in JSON format
- `pypykatz live registry -o <output_file>`: Writes all credentials to `<output_file>`
- `pypykatz live registry -o <output_file> --json`: Writes all credentials to `<output_file>` in JSON format.
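
The privilege requirement stated above (SE_DEBUG or SE_BACKUP) can be audited from the defender's side. The following is an added example, not part of pypykatz or of the original page: it parses the `[Privilege Rights]` section of a `secedit /export` policy file and lists holders of SeDebugPrivilege and SeBackupPrivilege that fall outside an expected baseline. The sample INF text, the account names and the baseline set are constructed assumptions.

```python
# Added example: audit who holds the privileges this command depends on.
# Input: text of a `secedit /export /cfg <file>` policy export (INF format).

# Constructed sample; a real export is normally UTF-16 encoded on disk.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551,svc_reports
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545
[Version]
signature="$CHICAGO$"
"""

# Assumed baseline for a member server: Administrators (S-1-5-32-544) and,
# for backup only, Backup Operators (S-1-5-32-551). Adjust to your environment.
EXPECTED = {
    "SeDebugPrivilege": {"S-1-5-32-544"},
    "SeBackupPrivilege": {"S-1-5-32-544", "S-1-5-32-551"},
}

def parse_privilege_rights(inf_text):
    """Return {privilege name: set of SIDs / account names} from the INF text."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; account names are bare.
            holders = {h.strip().lstrip("*") for h in value.split(",") if h.strip()}
            rights[name.strip()] = holders
    return rights

def unexpected_holders(inf_text, expected=EXPECTED):
    """Return {privilege: sorted holders not in the baseline}."""
    rights = parse_privilege_rights(inf_text)
    findings = {}
    for priv, allowed in expected.items():
        extra = rights.get(priv, set()) - allowed
        if extra:
            findings[priv] = sorted(extra)
    return findings

if __name__ == "__main__":
    for priv, holders in unexpected_holders(SAMPLE_INF).items():
        print(f"{priv}: review {', '.join(holders)}")
```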