Ok I have a lot of wms box but no admin rights, I want to get the SAM file to decrypt the admin pass but I can't when windows is running.

My question >> How to edit the autoexec.bat to get a copy of the SAM (c:\winnt\system32\config\SAM) when the computer will reboot ?

Thx ans sorry for my poor english

there is a tool called pwdump32 that will get the SAM file for you and dump it to anther location.. allowing you to crack it with John the ripper etc

Reaper

yeah thx I know this tool but I need admin rights to lauch this apps no ?

Hello, this is my first post

You could run the exploit netddemsg. It permits a privilege escalation achieving you to run any program with system's privileges.

If the netdde service is running:

Example -> C:\ >netddemsg -s Chat$ cmd.exe

Sorry for my poor english, I'm spanish

Sorry, the exploit is in the File downloads section