The updated Elcomsoft System Recovery adds support for the latest Windows releases including Windows 10 October Update and Windows Server 2019. In addition, the update improves the handling of Windows SYSKEY password reset and adds the ability to look up for SYSKEY passwords prior to resetting.
We updated Elcomsoft System Recovery to work with the latest versions of Windows, adding support for Windows 10 October 2018 Update and Windows Server 2019. The update enables users to attack system passwords and dump password hashes from the most recent versions of Windows.
A major new feature of Elcomsoft System Recovery 5.40 is the ability to look up for Windows SYSKEY passwords through various caches and databases while improving the safety of resetting SYSKEY protection.
SYSKEY passwords were used in operating systems prior to Windows 10 and Windows Server 2016 release 1709 as an additional protection layer to protect the SAM database with a 128-bit RC4 encryption key. While Elcomsoft System Recovery can reset SYSKEY passwords in order to restore the system’s normal boot operation, the removal bears the risk of breaking the Windows boot process. In this update, EST 5.40 significantly improves the safety of resetting SYSKEY passwords. Before resetting a SYSKEY password, ESR will now check whether this operation is safe for the system. The newly added ability to look up for cached SYSKEY passwords now offers a viable alternative to resetting SYSKEY.
There are numerous other improvements. The full changelog includes: