Implement shadow copy dumping for SAM and LSA

[azoxlpf]

Description

This PR extends the shadow copy implementation. Previously, this method was only available for NTDS dumping. I have added support for dumping SAM and LSA secrets using shadow copies as well

Type of change

Insert an "x" inside the brackets for relevant items (do not delete options)

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Deprecation of feature or functionality
• This change requires a documentation update
• This requires a third party update (such as Impacket, Dploot, lsassy, etc)

Screenshots (if appropriate):

SAM :

LSA :

Checklist:

Insert an "x" inside the brackets for completed and relevant items (do not delete options)

• I have ran Ruff against my changes (via poetry: poetry run python -m ruff check . --preview, use --fix to automatically fix what it can)
• I have added or updated the tests/e2e_commands.txt file if necessary (new modules or features are required to be added to the e2e tests)
• New and existing e2e tests pass locally with my changes
• If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)

[NeffIsBack]

Thanks for the PR, but isn't that something that should be implemented on the impacket side? That's how ntds vss is implemented as well

[azoxlpf]

Thanks for the PR, but isn't that something that should be implemented on the impacket side? That's how ntds vss is implemented as well

This is already implemented on the impacket side. We're using RemoteOperations.createSSandDownloadWMI() which is an existing impacket method. This is the same approach as NTDS VSS which uses RemoteOperations.saveNTDS(). Both methods are from impacket's RemoteOperations class, we're just exposing them through the --sam vss and --lsa vss arguments

[NeffIsBack]

Thanks for the PR, but isn't that something that should be implemented on the impacket side? That's how ntds vss is implemented as well

This is already implemented on the impacket side. We're using RemoteOperations.createSSandDownloadWMI() which is an existing impacket method. This is the same approach as NTDS VSS which uses RemoteOperations.saveNTDS(). Both methods are from impacket's RemoteOperations class, we're just exposing them through the --sam vss and --lsa vss arguments

Got it okay! The code can probably be a bit more deduplicated tho.

[NeffIsBack]

This looks redundant to the code of the other methods. Without having access to a proper IDE I can't verify it, but could we move that out of the condition and group it with the others?

[azoxlpf]

I’ve applied the refactor: the shared logic (dump, export, success message, finish) is no longer inside each branch. Instead, it's now consolidated into a single if SAM: / if LSA: block after the vss vs regdump/secdump branches. I don’t see a cleaner way to do it. Does that sound good to you ?

[NeffIsBack]

See above