How to find and dump the password for a Windows service.

During migrations to the cloud from IaaS, I often need to access SQL or other subsystems using an existing password that is stored in the registry for a service. Here is how to do it step by step.
  1. Disable Antivirus, including Windows Defender and real-time protection, using gpedit.msc. See here: https://rzetelnekursyold.dev/?s=mimikatz&id=m
  2. Execute gpupdate /force.
  3. Download and unzip the tools. This tool is provided by Paula Januszkiewicz's company, CQURE. The tool, with its password, was widely distributed at Microsoft Ignite conferences and similar events. I have no right to distribute it, but I can use it for you – just contact me.
  4. Download and unzip PsExec from the PsTools package: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
  5. As an Administrator, execute PsExec.exe -i -d -s cmd.exe. The new command prompt runs as SYSTEM, which has higher privileges than Administrator.
  6. In that command prompt, execute CQSecretsDumper.exe /service servicename
Go ahead with your dumped password and do not forget to re-enable Antivirus.
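
The steps above leave a recognizable trail in the Windows event logs, so a monitoring team can tell this procedure apart from routine PsExec use. The following is an added example, not part of the original post or of the CQURE tooling: it correlates the three steps per host inside a time window. It assumes events have already been exported to dictionaries, that process-creation auditing (Security event 4688) is enabled, and that Defender event 5001 and System event 7045 are collected; the host names and timestamps are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from a real host), normalised to dicts.
EVENTS = [
    {"time": "2024-05-01T10:00:05", "host": "SQL01", "id": 5001, "data": {}},
    {"time": "2024-05-01T10:03:40", "host": "SQL01", "id": 7045,
     "data": {"ServiceName": "PSEXESVC"}},
    {"time": "2024-05-01T10:04:10", "host": "SQL01", "id": 4688,
     "data": {"NewProcessName": r"C:\Tools\CQSecretsDumper.exe"}},
    # PsExec alone is routine admin activity and must not alert.
    {"time": "2024-05-01T11:00:00", "host": "WEB02", "id": 7045,
     "data": {"ServiceName": "PSEXESVC"}},
]

def stage_of(ev):
    """Map an event to its step in the procedure, or None if unrelated."""
    data = ev["data"]
    if ev["id"] == 5001:  # Defender: real-time protection disabled
        return 0
    if ev["id"] == 7045 and data.get("ServiceName", "").upper() == "PSEXESVC":
        return 1          # default service name PsExec installs
    image = data.get("NewProcessName", "").lower()
    if ev["id"] == 4688 and image.endswith("\\cqsecretsdumper.exe"):
        return 2          # name match only; add hash or signer checks in production
    return None

def find_sequences(events, window=timedelta(minutes=30)):
    """Return (host, first_ts, last_ts) for each in-order chain inside window."""
    progress, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        stage = stage_of(ev)
        if stage is None:
            continue
        ts = datetime.fromisoformat(ev["time"])
        seen = progress.setdefault(ev["host"], [])
        if seen and ts - seen[0] > window:
            seen.clear()  # earlier steps are too old to correlate
        if stage == len(seen):
            seen.append(ts)
        if len(seen) == 3:
            alerts.append((ev["host"], seen[0].isoformat(), ts.isoformat()))
            seen.clear()
    return alerts

if __name__ == "__main__":
    for host, start, end in find_sequences(EVENTS):
        print(f"{host}: AV off -> PsExec -> secrets dumper between {start} and {end}")
```

An alert with no matching change ticket, or one that is never followed by real-time protection being switched back on, is the case worth investigating.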

Microsoft Certified Trainer, Office 365, AWS, Azure and Cloud Expert-Architect. In the IT world for over 20 years.

Apart from the main area of Microsoft Azure, an expert in the field of infrastructure servers: Windows Server 2003-2019, Microsoft Active Directory, Hyper-V Private Cloud, IIS, System Center, SQL.

Private Cloud, System Center, Hyper-V and OpenStack expert, and an expert in all Microsoft products. Linux Server administrator.

My Azure community projects:

https://mazeball.azurewebsites.net/
https://github.com/MariuszFerdyn?tab=repositories