Update cheatsheets

tldr/reg.py

@@ -0,0 +1,34 @@
+---
+syntax: markdown
+tags: [tldr, common]
+source: https://github.com/tldr-pages/tldr.git
+---
+# reg.py
+
+> Query, add, delete, save or backup registry keys/values on a remote Windows machine over SMB/RPC.
+> Part of the Impacket suite.
+> More information: <https://github.com/fortra/impacket>.
+
+- Query subkeys and values under a registry path:
+
+`reg.py {{domain}}/{{username}}:{{password}}@{{target}} query -keyName '{{HKLM\SOFTWARE\Microsoft\Windows}}'`
+
+- Query all subkeys and values under a registry path recursively:
+
+`reg.py {{domain}}/{{username}}:{{password}}@{{target}} query -keyName '{{HKLM\SOFTWARE\Microsoft\Windows}}' -s`
+
+- Add a new registry key or value (default value type is `REG_SZ`):
+
+`reg.py {{domain}}/{{username}}:{{password}}@{{target}} add -keyName '{{HKLM\SOFTWARE\Microsoft\Windows}}' -v {{value_name}} -vt {{REG_SZ|REG_NONE|REG_EXPAND_SZ|REG_BINARY|REG_DWORD|REG_DWORD_BIG_ENDIAN|REG_LINK|REG_MULTI_SZ|REG_QWORD}} -vd {{value_data}}`
+
+- Delete a registry key or value:
+
+`reg.py {{domain}}/{{username}}:{{password}}@{{target}} delete -keyName '{{HKLM\SOFTWARExample}}' -v {{value_name}}`
+
+- Save a registry key (and subkeys) to a file on the target via UNC path:
+
+`reg.py {{domain}}/{{username}}:{{password}}@{{target}} save -keyName '{{HKLM\SOFTWARExample}}' -o '\{{target}}\{{share}}\{{output_file.reg}}'`
+
+- Backup SAM, SYSTEM and SECURITY hives to a file on a target via UNC path (requires SYSTEM privileges):
+
+`reg.py {{domain}}/{{username}}:{{password}}@{{target}} backup -o '\{{target}}\{{share}}'`