I'm trying to write a program that will return to me the password of an entered account name on a LAN. I have access to connected computers, and I have written a brute-force loop that tests a vector of integers, going through every password between 00000 and 99999 (all passwords follow this format, so it's a decently fast program to attack a weak security system). I've tested the function in a program that stops the loop when the vector is equal to a randomly generated vector within those parameters.
What I don't know (and haven't been able to find) is how to apply this so it can actually return a password. The OS run on this network is Windows 7. I don't want it to log me directly into another account; only to print the password for me. My research on this has been kinda worthless, since I don't even know where to begin with this.
Anyone have any suggestions for how to actually test each password? Do I need the encryption key and the Windows SAM? Am I taking this in completely the wrong direction?
EDIT: I'm not looking for tools to do this for me. The point of this project is the learning experience. I'm writing it in C++
