So I know that during system hacking, password files are often transferred from the remote machine to the hacker's computer. Starting with windows, how is this done? Obviously the hacker gets remote access and a command prompt, probably of a limited user. Can the SAM be accessed with a LU account, or does it require elevated privileges?
So I just learned about the SYSKEY function. This seems to be a mute point because I know I have cracked passwords offline using LC5 and Ophcrack. So I need to ask, if syskey something I need to be aware of when conducting password attacks?
Most importantly, how do I dump the SAM remotely? I'm on youtube now, but i'm guessing most videos will be showing local dumps.
Of course the same question needs to be asked of linux, how do I retrieve the shadow file and dump them to a remote pc (my attacking pc)?