During migrations to Cloud from IaaS many times I need to access the SQL or other subsystems using an existing password that is stored in the registry for service.
How to do it step by step.
- Disable Antivirus including Windows Defender and real-time protection using gpedit.msc. See here: https://rzetelnekursy.pl/?s=mimikatz&id=m
- Execute gpupdate /force.
- Download and unzip tools. This tool is provided by Paula Januszkiewicz company CQURE. The tool with password was widely distributed during Microsoft Ignite Conferences and similar. I have no right to distribute it, but I can use it for you – just contact me.
- Download and unzip psexec from pstools package: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
- Execute as an Administrator PsExec.exe -i -d -s cmd.exe. Now we have bigger permissions than Administrator – SYSTEM.
Execute CQSecretsDumper.exe /service servicename
Go ahead with your dumped password and do not forget to enable Antivirus.