How to use the pypykatz.registry.offline_parser.OffineRegistry function in pypykatz



def from_bytes(system_data, sam_data = None, security_data = None, software_data = None):
		"""Wrap raw hive bytes in BytesIO streams and parse them offline.

		``system_data`` is mandatory; ``sam_data``, ``security_data`` and
		``software_data`` are optional and are handed on as ``None`` when
		they are ``None`` or empty.  Returns whatever
		``OffineRegistry.from_buffer`` returns for those streams.
		"""
		def _as_stream(raw):
			# Empty/None hive data is passed through as None (same
			# truthiness test the optional hives always used).
			return io.BytesIO(raw) if raw else None

		return OffineRegistry.from_buffer(
			io.BytesIO(system_data),
			sam_buff = _as_stream(sam_data),
			security_buff = _as_stream(security_data),
			software_buff = _as_stream(software_data),
		)
else:
			logger.error('Failed to dump SYSTEM hive, exiting...')
			
		logger.debug('Cleaning up temp files')
		for reg_name, location in locations:
			try:
				os.remove(location)
			except Exception as e:
				logger.error('Failed to clean up temp file for %s! Sensitive files might have been left on the filesystem! Path: %s Reason: %s' % (reg_name, location, str(e)))
			else:
				logger.debug('Cleanup for %s OK!' % reg_name)
	
		return po
	
if __name__ == '__main__':
	# Manual smoke run: parse the hives of the machine this script runs on
	# and print the parsed registry in its string form.
	po = OffineRegistry.from_live_system()
	print(po)
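def run_live(self, args):
		"""Collect registry secrets from the running host and pass them to process_results.

		The direct reader (``LiveRegistry.go_live``) is tried first; if it
		raises, ``OffineRegistry.from_live_system`` is used instead, which
		(judging by offline_parser's temp-file cleanup) dumps the hives to
		temporary files and parses those.  Both failures are logged at
		debug level with their reason; if neither path produced a result a
		failure message is printed and nothing is processed.

		:param args: parsed command-line namespace, forwarded unchanged to
			``self.process_results``.
		"""
		from pypykatz.registry.live_parser import LiveRegistry
		lr = None
		try:
			lr = LiveRegistry.go_live()
		except Exception as e:
			traceback.print_exc()
			logging.debug('Failed to obtain registry secrets via direct registry reading method. Reason: %s', e)
			try:
				from pypykatz.registry.offline_parser import OffineRegistry
				lr = OffineRegistry.from_live_system()
			except Exception as fallback_err:
				# The fallback's reason was previously dropped, leaving only
				# "Registry parsing failed!" with no diagnostics.
				logging.debug('Failed to obtain registry secrets via filedump method. Reason: %s', fallback_err)
		
		if lr is not None:
			self.process_results(lr, args)
		else:
			print('Registry parsing failed!')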
def from_files(system_path, sam_path = None, security_path = None, software_path = None, notfile = False):
		po = OffineRegistry()
		
		try:
			if notfile == True:
				sys_hive = system_path
			else:
				sys_hive = open(system_path, 'rb')
			po.system_hive = AIOWinRegHive(sys_hive)
		except Exception as e:
			logger.error('Failed to open SYSTEM hive! Reason: %s' % str(e))
			raise e
		
		if sam_path:
			try:
				if notfile == True:
					sam_hive = sam_path
				else:
def run(self, args):
		"""Parse registry hives given as file paths on the command line.

		``args.system`` is required; ``args.sam``, ``args.security`` and
		``args.software`` may be ``None``.  The parsed registry is handed
		to ``self.process_results`` together with ``args``.
		"""
		from pypykatz.registry.offline_parser import OffineRegistry
		parsed = OffineRegistry.from_files(
			args.system,
			sam_path = args.sam,
			security_path = args.security,
			software_path = args.software,
		)
		self.process_results(parsed, args)
def from_buffer(system_buff, sam_buff = None, security_buff = None, software_buff = None):
		"""Parse already-open hive streams rather than paths.

		Thin adapter over ``OffineRegistry.from_files`` with ``notfile=True``
		so the given file-like objects are used directly instead of being
		opened by path.  The optional hives default to ``None``.
		"""
		# Positional order follows from_files(system_path, sam_path,
		# security_path, software_path, notfile).
		return OffineRegistry.from_files(system_buff, sam_buff, security_buff, software_buff, notfile = True)
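def get_prekeys_form_registry_live(self):
		"""Read DPAPI pre-keys from the registry of the running machine.

		``LiveRegistry.go_live`` is tried first; if it raises, the hive-dump
		based ``OffineRegistry.from_live_system`` is used instead.  Each
		failure is logged at debug level together with its reason (the
		original swallowed both reasons).

		:return: tuple of two lists, [0] userkeys [1] machinekeys
			(as produced by ``self.__get_registry_secrets``)
		:raises Exception: if neither method yields a registry object
		"""
		from pypykatz.registry.live_parser import LiveRegistry
		from pypykatz.registry.offline_parser import OffineRegistry
		lr = None
		try:
			lr = LiveRegistry.go_live()
		except Exception as e:
			logger.debug('[DPAPI] Failed to obtain registry secrets via direct registry reading method. Reason: %s', e)
			try:
				lr = OffineRegistry.from_live_system()
			except Exception as fallback_err:
				logger.debug('[DPAPI] Failed to obtain registry secrets via filedump method. Reason: %s', fallback_err)
		
		if lr is None:
			raise Exception('Registry parsing failed!')
		return self.__get_registry_secrets(lr)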