How can I export PPTP configuration and password from a Windows system during penetration testing?

You can obtain PPTP configuration from `%APPDATA%\Microsoft\Network\Connections\Pbk\rasphone.pbk` and extract the password using mimikatz with the command `privilege::debug token::elevate lsadump::secrets`. This technique is covered in detail in the article Penetration Techniques - Acquisition and Brute-Force of PPTP Passwords. Mimikatz is also commonly used for other privilege escalation attacks, such as those described in Penetration Techniques - Exploitation of Nine Windows Privileges.