OK, there are a number of steps you need to take.
First off, you need to grab the hashes from the registry but the key has
SYSTEM-only perms on it - as an admin you need to give admin read perms on
HKLM/Security. Then grab the hashes out of there
(HKLM/Security/SAM/Domains/Account/Users or somet
Passwords are encrypted using a one-way system, i.e., there is no way to
unencrypt the password hash. You can use a brute force attack on the
password (you encrypt your guesses at the password and then compare the
encrypted hash you generated with the one in the SAM, if they match, then
you've gues