def from_bytes(system_data, sam_data = None, security_data = None, software_data = None):
    """Build an OffineRegistry from in-memory hive contents.

    Each argument holds the raw bytes of the corresponding hive. The SYSTEM
    hive is mandatory; each optional hive is wrapped in a BytesIO only when
    it is truthy, otherwise None is forwarded so from_buffer treats it as
    absent.

    Returns:
        whatever OffineRegistry.from_buffer returns for these buffers.
    """
    def as_buffer(data):
        # Mirror the truthiness check: empty/None hive data stays None.
        return io.BytesIO(data) if data else None

    return OffineRegistry.from_buffer(
        io.BytesIO(system_data),
        sam_buff = as_buffer(sam_data),
        security_buff = as_buffer(security_data),
        software_buff = as_buffer(software_data),
    )
else:
logger.error('Failed to dump SYSTEM hive, exiting...')
logger.debug('Cleaning up temp files')
for reg_name, location in locations:
try:
os.remove(location)
except Exception as e:
logger.error('Failed to clean up temp file for %s! Sensitive files might have been left on the filesystem! Path: %s Reason: %s' % (reg_name, location, str(e)))
else:
logger.debug('Cleanup for %s OK!' % reg_name)
return po
if __name__ == '__main__':
    # Manual smoke run: parse the running host's registry and print the
    # resulting OffineRegistry's string form.
    po = OffineRegistry.from_live_system()
    print(po)
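def run_live(self, args):
    """Collect registry secrets from the running host and pass them to process_results.

    LiveRegistry.go_live() is attempted first; if it raises, the traceback
    is printed, the reason is logged at debug level, and the
    OffineRegistry.from_live_system() fallback is tried. A failure of the
    fallback is now logged with its reason as well, matching the first
    attempt, instead of being dropped. When both paths fail a message is
    printed and nothing is processed.

    Args:
        args: parsed command-line arguments, forwarded to process_results.
    """
    from pypykatz.registry.live_parser import LiveRegistry
    lr = None
    try:
        lr = LiveRegistry.go_live()
    except Exception as e:
        traceback.print_exc()
        logging.debug('Failed to obtain registry secrets via direct registry reading method. Reason: %s' % str(e))
        try:
            from pypykatz.registry.offline_parser import OffineRegistry
            lr = OffineRegistry.from_live_system()
        except Exception as e:
            # Previously the exception was bound but never reported; keep the
            # same error-handling style as the first attempt above.
            logging.debug('Failed to obtain registry secrets via filedump method. Reason: %s' % str(e))
    if lr is not None:
        self.process_results(lr, args)
    else:
        print('Registry parsing failed!')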
def from_files(system_path, sam_path = None, security_path = None, software_path = None, notfile = False):
po = OffineRegistry()
try:
if notfile == True:
sys_hive = system_path
else:
sys_hive = open(system_path, 'rb')
po.system_hive = AIOWinRegHive(sys_hive)
except Exception as e:
logger.error('Failed to open SYSTEM hive! Reason: %s' % str(e))
raise e
if sam_path:
try:
if notfile == True:
sam_hive = sam_path
else:
def run(self, args):
    """Parse the hive files named on the command line and hand them to process_results.

    Args:
        args: parsed command-line arguments; args.system is the SYSTEM hive
            path and args.sam / args.security / args.software are the
            optional hive paths forwarded positionally to from_files.
    """
    from pypykatz.registry.offline_parser import OffineRegistry
    registry = OffineRegistry.from_files(
        args.system,
        args.sam,
        args.security,
        args.software,
    )
    self.process_results(registry, args)
def from_buffer(system_buff, sam_buff = None, security_buff = None, software_buff = None):
    """Build an OffineRegistry from already-open file-like hive objects.

    Thin adapter over from_files: notfile=True tells it to use the given
    objects directly rather than treating them as paths to open.

    Returns:
        whatever OffineRegistry.from_files returns.
    """
    optional_hives = {
        'sam_path': sam_buff,
        'security_path': security_buff,
        'software_path': software_buff,
    }
    return OffineRegistry.from_files(system_buff, notfile = True, **optional_hives)
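def get_prekeys_form_registry_live(self):
    """Obtain registry secrets from the running host and derive prekeys from them.

    LiveRegistry.go_live() is tried first; on failure the
    OffineRegistry.from_live_system() fallback is attempted. Both failures
    are logged at debug level, now including the exception text (the bound
    exception was previously discarded), so a failed run can be diagnosed.

    Returns:
        tuple of two lists, [0] user keys, [1] machine keys, as produced by
        self.__get_registry_secrets.

    Raises:
        Exception: if neither registry access method yields a result.
    """
    from pypykatz.registry.live_parser import LiveRegistry
    from pypykatz.registry.offline_parser import OffineRegistry
    lr = None
    try:
        lr = LiveRegistry.go_live()
    except Exception as e:
        logger.debug('[DPAPI] Failed to obtain registry secrets via direct registry reading method. Reason: %s' % str(e))
        try:
            lr = OffineRegistry.from_live_system()
        except Exception as e:
            logger.debug('[DPAPI] Failed to obtain registry secrets via filedump method. Reason: %s' % str(e))
    if lr is not None:
        return self.__get_registry_secrets(lr)
    else:
        raise Exception('Registry parsing failed!')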