This quick labs hows how to dump all user hashes from the DC by creating a shadow copy of the C drive using vssadmin — remotely. This lab assumes the attacker has already gained administratrative access to the domain controller. Execution Create a sh...