Last active
July 24, 2024 09:55
-
-
Save annibuliful/9f0bd94c42e2acdcd6ef0073d056ee0a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
param ( | |
[string]$exportPath = "C:\Hashes", | |
[string]$outputFile = "C:\Hashes\exported_hashes.txt" | |
) | |
# Ensure running as administrator | |
if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) | |
{ | |
Write-Warning "You need to run this script as an Administrator." | |
exit | |
} | |
# Create the directory to store the hive files if it doesn't exist | |
if (-not (Test-Path $exportPath)) { | |
New-Item -Path $exportPath -ItemType Directory | |
} | |
# Export the SAM hive | |
try { | |
reg save HKLM\SAM "$exportPath\SAM" /y | |
Write-Output "SAM hive exported successfully to $exportPath\SAM" | |
} catch { | |
Write-Warning "Failed to export SAM hive: $_" | |
} | |
# Export the SYSTEM hive | |
try { | |
reg save HKLM\SYSTEM "$exportPath\SYSTEM" /y | |
Write-Output "SYSTEM hive exported successfully to $exportPath\SYSTEM" | |
} catch { | |
Write-Warning "Failed to export SYSTEM hive: $_" | |
} | |
# Write the paths to the output file | |
try { | |
"SAM hive path: $exportPath\SAM" | Out-File -FilePath $outputFile -Append | |
"SYSTEM hive path: $exportPath\SYSTEM" | Out-File -FilePath $outputFile -Append | |
Write-Output "Paths written successfully to $outputFile" | |
} catch { | |
Write-Warning "Failed to write paths to output file: $_" | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment