You can hack windows rather easily without knowing the root password or stealing the hash from memory (lol windows unsalted passwords 2014)
Basically create a named pipe from something with system level privileges, impersonate the pipe, open the thread token, and then spawn a reverse shell with it.
Sources:
http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx
http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx
http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx
http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx