Windows generally has three kinds of users, viz. the normal user, the administrator, and the SYSTEM account. We ordinarily only get to log on as the first two; SYSTEM (NT AUTHORITY\SYSTEM) is the closest thing Windows has to root on Linux. Microsoft gives us no option to log on as SYSTEM, so in a sense we are not the full owner of our own Windows install: there is no root shell.
So here is a way to run as SYSTEM on our own Windows box and do what we want. In my previous blogs I have mentioned that Windows password hashes are stored in the SAM file in C:\Windows\System32\config, and that we cannot view, copy or delete it while Windows is running. Once we run as SYSTEM we can get at this file too. Now you can see what SYSTEM is good for.
Here are the steps to run as SYSTEM and take home the SAM file.
1. Download PsExec.exe from Sysinternals (it ships as part of the PsTools suite).
2. Place it in the root of your C: drive (or whichever drive Windows is installed on). Any folder on your PATH works just as well.
3. Open cmd.exe as an administrator (PsExec needs admin rights, because it installs a temporary service to do its work) and type cd \ . This puts you in the root directory where PsExec is placed.
4. Run the following command: psexec -i -s cmd.exe
where -i runs the process interactively on your own desktop
and -s runs it under the SYSTEM account
(the first run pops up a licence dialog; add -accepteula to the command to skip it).
5. When the command completes a new cmd window opens. Type whoami; it prints "nt authority\system".
6. Now open Task Manager and end the explorer.exe process. Your desktop and taskbar disappear; that is expected.
7. From the SYSTEM cmd window that is still open, type start explorer.exe
8. When Explorer comes back it is running as SYSTEM; Task Manager's Details tab shows SYSTEM in the User name column. Now you can copy or delete files in Windows\System32 that were denied to you as an administrator or normal user. One caveat: files owned by TrustedInstaller keep their ACLs even against SYSTEM, so for those you still have to take ownership first (SYSTEM holds the privilege to do so).
9. Now you can also copy the SAM file and extract hashes from it. Another caveat: while Windows is running the SAM hive is held open by the kernel with an exclusive lock, so a plain copy fails with a sharing violation even as SYSTEM. Use reg save HKLM\SAM instead, which exports the loaded hive to a file, and save HKLM\SYSTEM as well, because the per-user hashes in SAM are encrypted with a key derived from the SYSTEM hive.
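The whole procedure as a script, as an added example that is not part of the original post. It assumes PsExec.exe from Sysinternals sits in the current directory, that the PowerShell session was started with "Run as administrator", and that C:\hives (an arbitrary folder chosen for this example) is where you want the exported hives to land.

```powershell
# Added example, not from the original post.
# Assumptions: PsExec.exe is in the current directory, this session is already
# elevated (PsExec needs that to install its service), and $outDir is any
# writable folder you pick; C:\hives is an arbitrary choice for this example.

$outDir = 'C:\hives'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Confirm the identity PsExec gives us. -s runs the command as SYSTEM,
#    -accepteula suppresses the first-run licence dialog. PsExec writes its own
#    banner to stderr, so only whoami's output ("nt authority\system") is kept.
$who = & .\PsExec.exe -accepteula -s whoami 2>$null
Write-Host "PsExec is running commands as: $who"

# 2. Even as SYSTEM, Copy-Item on C:\Windows\System32\config\SAM fails with a
#    sharing violation because the kernel keeps the hive open exclusively.
#    reg.exe's "save" verb asks the registry to export the loaded hive instead.
& .\PsExec.exe -accepteula -s reg save HKLM\SAM    "$outDir\SAM.hiv"    /y
& .\PsExec.exe -accepteula -s reg save HKLM\SYSTEM "$outDir\SYSTEM.hiv" /y

# 3. Both files are needed offline: the hashes in SAM are encrypted with a key
#    derived from the SYSTEM hive, so SAM alone cannot be decoded.
Get-ChildItem $outDir | Select-Object Name, Length

# 4. Optional, the interactive form from step 4 of the write-up: -i puts the new
#    cmd window on the current desktop so you can work in it directly.
# & .\PsExec.exe -accepteula -i -s cmd.exe
```

Two things worth knowing about this script. The reg save step works from an elevated administrator prompt even without PsExec, because it relies on the backup privilege that administrators already hold; what SYSTEM buys you is direct read access to the HKLM\SAM key itself (its ACL denies administrators) and, as in steps 6 to 8, an Explorer that runs as SYSTEM. And the exported .hiv files contain your users' password hashes, so delete them when you are done rather than leaving them lying around on disk.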