You may need to reset an admin or user password in Windows for many reasons: you've forgotten it, or you have been given a Windows system to repair and don't have access to the admin password. Thankfully it couldn't be easier with a Linux system and a package called chntpw.
Chntpw is a program designed to overwrite Windows NT/2000 SAM passwords.
It is pretty easy to use and can be found and installed with apt ($ sudo apt-get install chntpw) if you're using a Debian-based system, and it is more than likely in other distributions' package managers. You can also download it from http://home.eunet.no/~pnordahl/ntpasswd/
It can only be used on a local machine, not on a remote one. The NT system needs to be offline (turned off), and there are many security distributions that you can boot in live CD mode to mount the Windows drive and reset passwords. However, I'm just going to use my normal install and mount the Windows drive via a USB caddy.
First you need to mount the drive.
Then you need to locate the SAM file, which for Windows 2000 and XP is normally located at windows/system32/config or winnt/system32/config. When you navigate there you should find a number of files such as SAM, SYSTEM and SECURITY.
Once you have located the SAM you can start using chntpw.
chntpw -h
The above will give you a list of options for chntpw
#chntpw help and usage
chntpw version 0.99.3 040818, (c) Petter N Hagen
chntpw: change password of a user in a NT SAM file, or invoke registry editor.
chntpw [OPTIONS] <samfile> [systemfile] [securityfile] [otherreghive] [...]
-h This message
-u <user> Username to change, Administrator is default
-l list all users in SAM file
-i Interactive. List users (as -l) then ask for username to change
-e Registry editor. Now with full write support!
-d Enter buffer debugger instead (hex editor),
-t Trace. Show hexdump of structs/segments. (deprecated debug function)
-v Be a little more verbose (for debuging)
-L Write names of changed files to /tmp/changed
-N No allocation mode. Only (old style) same length overwrites possible
See readme file on how to extract/read/write the NT's SAM file
if it's on an NTFS partition!
Source/binary freely distributable. See README/COPYING for details
NOTE: This program is somewhat hackish! You are on your own!
#END
So you can use
chntpw -l SAM
This will list all the users in the SAM file.
chntpw SAM
The above will change the password of the Administrator account, which is the default user.
chntpw -u USERNAME SAM
The above will change the password of a specific user.
Once you are done, unmount the drive and boot the Windows system; the password should be changed to whatever you set it to.
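Since chntpw writes directly into the SAM and its own help text warns that it is "somewhat hackish", it is worth copying the hives aside before running it. The script below is an added example, not part of the original post or of chntpw: it finds the config directory under a mount point without depending on capitalisation (the directories on disk can be capitalised differently from the lowercase paths given above) and backs up SAM, SYSTEM and SECURITY with checksums. The function names and the backup layout are assumptions.

```shell
#!/bin/sh
# Added example: locate the hive directory on a mounted Windows volume and
# back up the hives before chntpw edits the SAM.
# Function names and backup layout are assumptions made for illustration.

# Print the hive directory (windows/system32/config or winnt/system32/config)
# under mount point $1, matched case-insensitively. Returns 1 if none found.
find_hive_dir() {
    mnt=${1%/}
    for root in windows winnt; do
        dir=$(find "$mnt" -maxdepth 3 -type d \
              -ipath "$mnt/$root/system32/config" 2>/dev/null | head -n 1)
        # Only accept the directory if it actually contains a SAM file.
        if [ -n "$dir" ] && \
           [ -n "$(find "$dir" -maxdepth 1 -type f -iname sam)" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# Copy SAM, SYSTEM and SECURITY from hive directory $1 into a new timestamped
# directory under $2, write SHA-256 sums to <backup dir>.sha256, and print the
# backup directory. Fails if no hive could be copied.
backup_hives() {
    src=$1
    dest="$2/hives-$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest" || return 1
    for name in sam system security; do
        f=$(find "$src" -maxdepth 1 -type f -iname "$name" | head -n 1)
        [ -n "$f" ] || continue          # hive not present, skip it
        cp -p "$f" "$dest/" || return 1
    done
    ( cd "$dest" && sha256sum -- * ) > "$dest.sha256" || return 1
    printf '%s\n' "$dest"
}

# Usage (the mount point /mnt/windows is a constructed example):
#   dir=$(find_hive_dir /mnt/windows) && backup_hives "$dir" "$HOME"
#   cd "$dir"    # then run chntpw as shown above
```

If the reset leaves the system in a bad state, copying the saved files back over the originals restores the hives as they were before the edit.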
Edit: Video tutorial created by Kris
You will find many more interesting videos by Kris on his web site: http://www.filmsbykris.com