Nouvelles d'ElcomSoft


  • 04/12/2018

The updated Elcomsoft System Recovery adds support for the latest Windows releases including Windows 10 October Update and Windows Server 2019. In addition, the update improves the handling of Windows SYSKEY password reset and adds the ability to look up for SYSKEY passwords prior to resetting.

We updated Elcomsoft System Recovery to work with the latest versions of Windows, adding support for Windows 10 October 2018 Update and Windows Server 2019. The update enables users to attack system passwords and dump password hashes from the most recent versions of Windows.

A major new feature of Elcomsoft System Recovery 5.40 is the ability to look up for Windows SYSKEY passwords through various caches and databases while improving the safety of resetting SYSKEY protection.

SYSKEY passwords were used in operating systems prior to Windows 10 and Windows Server 2016 release 1709 as an additional protection layer to protect the SAM database with a 128-bit RC4 encryption key. While Elcomsoft System Recovery can reset SYSKEY passwords in order to restore the system’s normal boot operation, the removal bears the risk of breaking the Windows boot process. In this update, EST 5.40 significantly improves the safety of resetting SYSKEY passwords. Before resetting a SYSKEY password, ESR will now check whether this operation is safe for the system. The newly added ability to look up for cached SYSKEY passwords now offers a viable alternative to resetting SYSKEY.

There are numerous other improvements. The full changelog includes:

  • Adds support for Windows 10 October 2018 Update
  • Adds support for Windows Server 2019
  • Adds the ability to use custom dictionaries to recover passwords, allowing up to four levels of mutations
  • Significantly improves the handling of SYSKEY passwords. Before resetting a SYSKEY password, ESR will now check whether this operation is safe for the system
  • Adds the ability to look up for SYSKEY passwords (as an alternative to reset)
  • Improves the logic for PWDUMP file saving in UNICODE/ASCII
  • Fixes the issue with domain administrator password reset on specific PC configurations

Get more information on Elcomsoft System Recovery:
https://www.elcomsoft.fr/esr.html