Home > Products > Windows Passwords > Windows Password Recovery > Screenshots > Loading hashes > Remote computer
Loading password hashes from remote computer
01.03.2024
New blog post
Dumping the history of users' IP addresses in Windows
20.02.2024
Reset Windows Password v14.1
IP addresses history viewer, fast disk search, local security editor and some more
02.01.2024
Wireless Password Recovery v6.9.0
A revision of the GPU health monitor along with some minor updates
23.12.2023
HAPPY NEW YEAR!
Happy New Year greetings and holidays discount

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Windows Password Recovery - loading hashes from a remote computer

 

Importing password hashes from remote machine

Import hashes from a remote host. The program has means for dumping hashes from a remote host without employing third-party utilities. This does not compromise the remote system, as it still requires supplying the credentials for the remote host user.

Dumping from a remote host works as follows. First, you should enter the remote hostname in the Remote Host field. You can use the [...] button to browse the network. Once you have selected the remote host, set up a shared resource (allowed for both reading and writing), through which the data will be transmitted. Usually, that is either C$ or ADMIN$. Here too, you can take advantage of the browse button to the right of the edit box. Next, in the two fields at the bottom type in the remote host account name and the password.

The 'Save Credentials' button saves the current settings. Respectfully, the 'Load Credentials' button allows loading of existing settings, so that you don't have to enter them manually every time you need them. The password is stored in the encrypted form!

The import feature requires administrative privileges.

You may, however, experience some troubles connecting to remote PC, even if you have an Administrator account. When connecting to the target PC with Windows Vista/7/8/10, you may get the following error:

Access error when loading hashes remotely

Error 5 indicates that access is denied (even if the target account has Administrator privileges). The problem is that any remote connection in Windows Vista and higher OSes by default cannot perform administrative tasks. Microsoft documentation clearly states the following:

When a user with an administrator account in a Windows Vista computer's local Security Accounts Manager (SAM) database remotely connects to a Windows Vista computer, the user has no elevation potential on the remote computer and cannot perform administrative tasks. If the user wants to administer the workstation with a SAM account, the user must interactively log on to the computer to be administered.

There's, however, a flag in the Windows registry that allows changing the default behavior. Just launch the registry editor of the target PC and open the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system

Then create DWORD value LocalAccountTokenFilterPolicy and set it to one (1). So you will be able to connect to the admin share.