One Day Sec

Why can't sekurlsa::wdigest extract plaintext passwords on Windows Server 2008 R2 and later systems by default, and how can this be enabled?

By default, Windows Server 2008 R2 and later systems do not keep plaintext passwords in WDigest credentials, so the module has nothing to export. Plaintext storage can be turned back on by modifying the registry to enable WDigest Auth: run `reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest` with the appropriate value, then require the user to log in again, since only credentials from a logon after the change are held in plaintext. Because the technique depends on a registry write under that key, changes there are a useful point to monitor. Other credential harvesting techniques, such as the one covered in "Application of Password Filter DLL in Penetration Testing", likewise require configuration changes.
WDigest, registry, plaintext password, Windows Server 2008 R2, credential harvesting
