smb regdump command

What it does

Dumps and parses the registry remotely over SMB. registry hive files will be deleted after command finishes (best effort)

Remarks

None

Requirements

• A working SMB connection URL with a user that has admin right to the remote machine
• Remote registry service available
• The same user can read the resulting hive files

Subcommands

None

Switches

• url: SMB connection URL. Please consult the Connection URL section
• --json : Output results in JSON format
• -o or --outfile : Writes the secrets to the specified file

Examples

• pypykatz smb regdump 'smb2+ntlm-password://TEST\Administrator:[email protected]': Dumps and parses the registry and prints the results to console.