pipeitup (Posted July 11, 2015)

If there are already shadows on the system and I use vssown /create and attempt to grab Shadow1, I'm not grabbing the shadow I just created. Is there a way to get the ID for the newest shadow so I can grab the right one, then use that ID to delete the shadow after I'm finished?

Cheers!

shamwow (Posted July 11, 2015)

Make a batch file and add this:

    vssadmin Delete Shadows /All /quiet

pipeitup (Author, Posted July 11, 2015)

> make a batch file and add this: vssadmin Delete Shadows /All /quiet

I should have been more specific in my post. The goal is to make it automated with little to no disruption. I would want to keep any shadows that are already on the system, but automatically create/dump/delete one.

shamwow (Posted July 11, 2015, edited)

> I should have been more specific in my post. The goal is to make it automated with little to no disruption. I would want to keep any shadows that are already on the system, but automatically create/dump/delete one.

Why not delete them all and create a new one and use that new one? A batch file can delete them all then run vssown. You can use Twin Duck firmware as a mass storage device too. I use the mimikatz payload to run an exe file that is on the ducky.

Here are some options:

    vssadmin Delete Shadows /For=VolumeSpec [/Oldest] [/Quiet]
    vssadmin Delete Shadows /Shadow=ShadowID [/Quiet]
    vssadmin Delete Shadows /All /quiet

Example usage:

    vssadmin Delete Shadows /For=C: /Oldest /quiet

If you still want to delete a specific shadow copy then use this one:

    vssadmin Delete Shadows /Shadow=ShadowID [/Quiet]

Edited July 11, 2015 by shamwow
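
Added example, not part of the thread: a Python classifier a defender could run over process-creation command lines to flag the shadow-copy commands discussed above, separating the `/All` wipe from `/Shadow=` and `/For=` deletions and from `vssown /create`. The sample command lines, function names and severity labels are constructed assumptions for illustration.

```python
import re

# Constructed process-creation command lines (the kind recorded by command-line
# auditing); these are sample values, not real logs.
SAMPLE_CMDLINES = [
    r'vssadmin Delete Shadows /All /quiet',
    r'vssadmin.exe delete shadows /for=C: /oldest /quiet',
    r'"C:\Windows\System32\vssadmin.exe" Delete Shadows '
    r'/Shadow={00000000-0000-0000-0000-000000000000} /Quiet',
    r'cscript vssown.vbs /create',
    r'vssadmin list shadows',
    r'notepad.exe report.txt',
]

def classify(cmdline):
    """Return a dict describing a shadow-copy create/delete command, else None."""
    text = cmdline.lower()
    quiet = re.search(r"/quiet\b", text) is not None
    if re.search(r"\bvssown(\.vbs)?\b", text):
        m = re.search(r"/(create|delete)\b", text)
        if not m:
            return None
        return {"tool": "vssown", "action": m.group(1), "scope": None, "quiet": quiet}
    if not re.search(r"\bvssadmin(\.exe)?\b", text):
        return None
    if not re.search(r"\bdelete\s+shadows\b", text):
        return None  # e.g. "list shadows" changes nothing
    if re.search(r"/all\b", text):
        scope = "all"
    elif m := re.search(r"/shadow=(\S+)", text):
        scope = "id:" + m.group(1)
    elif m := re.search(r"/for=(\S+)", text):
        scope = "volume:" + m.group(1) + (" oldest" if "/oldest" in text else "")
    else:
        scope = "unspecified"
    return {"tool": "vssadmin", "action": "delete", "scope": scope, "quiet": quiet}

def triage(cmdlines):
    """Yield (severity, finding) pairs; deleting every shadow copy ranks highest."""
    for line in cmdlines:
        finding = classify(line)
        if finding is None:
            continue
        wipes_all = finding["action"] == "delete" and finding["scope"] == "all"
        yield ("high" if wipes_all else "medium", finding)

if __name__ == "__main__":
    for severity, finding in triage(SAMPLE_CMDLINES):
        print(severity, finding)
```
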