LOLBAS/OSBinaries/Diskshadow.md

## Diskshadow.exe

* Functions: Execute, Dump NTDS.dit

```
diskshadow.exe /s c:\test\diskshadow.txt   

diskshadow> exec calc.exe    
```

Acknowledgements:
* Jimmy - @bohops

Code sample:
*

Resources:
* https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/

Full path:
```
c:\windows\system32\diskshadow.exe
c:\windows\sysWOW64\diskshadow.exe
```

Notes:
Only present on Windows Server OS 2008 and newer
Added some more LOLBins 2018-04-19 00:06:48 +00:00			`## Diskshadow.exe`

			`* Functions: Execute, Dump NTDS.dit`

			```
			`diskshadow.exe /s c:\test\diskshadow.txt`

			`diskshadow> exec calc.exe`
			```

			`Acknowledgements:`
			`* Jimmy - @bohops`

			`Code sample:`
			`*`

			`Resources:`
			`* https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/`

			`Full path:`
			```
			`c:\windows\system32\diskshadow.exe`
			`c:\windows\sysWOW64\diskshadow.exe`
			```

			`Notes:`
			`Only present on Windows Server OS 2008 and newer`