There is a simpler solution which doesn't need to manage shadow volumes or use external tools. You can simply copy SAM and SYSTEM with the reg command provided by microsoft (tested on Windows 7 and Windows Server 2008):
reg save hklm\sam c:\sam
reg save hklm\system c:\system
(the last parameter is the location where you want to copy the file)
You can then extract the hashes on a Linux system with package samdump2 (available on Debian: apt-get install samdump2):
$ samdump2 system sam
Administrator:500:aad3b435b51404eeaad3b435b51404ee:c0e2874fb130015aec4070975e2c6071:::
disabled Guest:501:aad3b435b51404eeaad3b435b51404ee:d0c0896b73e0d1316aeccf93159d7ec0:::
récupérer login/hash
There is a simpler solution which doesn't need to manage shadow volumes or use external tools. You can simply copy SAM and SYSTEM with the reg command provided by microsoft (tested on Windows 7 and Windows Server 2008):
reg save hklm\sam c:\sam reg save hklm\system c:\system
(the last parameter is the location where you want to copy the file)
You can then extract the hashes on a Linux system with package samdump2 (available on Debian: apt-get install samdump2):
$ samdump2 system sam Administrator:500:aad3b435b51404eeaad3b435b51404ee:c0e2874fb130015aec4070975e2c6071::: disabled Guest:501:aad3b435b51404eeaad3b435b51404ee:d0c0896b73e0d1316aeccf93159d7ec0:::