Saturday 16 July 2011

chntpw - the Offline NT Password Editor!

As explained on Wikipedia, chntpw is a software utility for resetting or blanking local passwords used by Windows NT, 2000, XP, Vista, and 7. It does this by editing the SAM database, where Windows stores its password hashes.
I know many of you already know this or other methods, e.g. the utilman method.

First of all you need a BackTrack LiveCD or any other security distro with chntpw pre-installed, or you can install it afterwards from the BackTrack repository.

Steps to follow:
1. Boot your system using BackTrack LiveCD.

2. Mount your partition containing Windows.

root@bt:~# fdisk -l

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1       10683    85811166   83  Linux
/dev/sda2           10684       14762    32764567+  83  Linux
/dev/sda3           14801       56885   338047762+   f  W95 Ext'd (LBA)
/dev/sda4           56886       60801    31455270    7  HPFS/NTFS
/dev/sda5           14802       32664   143484547+   7  HPFS/NTFS
/dev/sda6           32665       56885   194555151   83  Linux

root@bt:~# cd /media; mkdir dex
root@bt:~# mount -t ntfs /dev/sda4 /media/dex

Note - /dev/sda4 is the partition containing Windows (/dev/sda3 is only the extended-partition container and cannot be mounted) and /media/dex is the mount point.

3. Fire up chntpw.

Though it is pretty self-explanatory, here's an example of how to remove the password from an Admin account that is locked.

root@bt:~# cd /pentest/passwords/chntpw/
root@bt:/pentest/passwords/chntpw#
root@bt:/pentest/passwords/chntpw# find /media/dex/ -iname sam
/media/dex/Windows/System32/config/RegBack/SAM
/media/dex/Windows/System32/config/SAM
^C
root@bt:/pentest/passwords/chntpw# ./chntpw -i /media/dex/Windows/System32/config/SAM

<>========<> chntpw Main Interactive Menu <>========<>

Loaded hives: </media/dex/Windows/System32/config/SAM>

  1 - Edit user data and passwords
      - - -
  9 - Registry editor, now with full write support!
  q - Quit (you will be asked if there is something to save)

What to do? [1] -> 1
===== chntpw Edit User Info & Passwords ====

| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03e8 | Dexter                         | ADMIN  | dis/lock |
| 01f5 | Guest                          |        | dis/lock |

Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator] Administrator

- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
 4 - Unlock and enable user account [probably locked now]
 q - Quit editing user, back to user select
Select: [q] > 1
Password cleared!

Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator] Administrator

- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
 4 - Unlock and enable user account [probably locked now]
 q - Quit editing user, back to user select
Select: [q] > 4
Unlocked!              [note - this step is important as the Admin account was locked]

Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator] !

<>========<> chntpw Main Interactive Menu <>========<>

Loaded hives: </media/dex/Windows/System32/config/SAM>

  1 - Edit user data and passwords
      - - -
  9 - Registry editor, now with full write support!
  q - Quit (you will be asked if there is something to save)


What to do? [1] -> q


Hives that have changed:
 #  Name
 0  </media/dex/Windows/System32/config/SAM>
Write hive files? (y/n) [n] : y
0  </media/dex/Windows/System32/config/SAM> - OK
root@bt:/pentest/passwords/chntpw#


It's done. Next time you log in to Windows, use the username Administrator with no password... :)
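The whole trick only works because the SAM hive is an ordinary file on an unencrypted disk, and the "Unlock and enable" step flips an account flag inside it. The following PowerShell script is an added example, not part of the original post: it checks a Windows host for that exposure (no BitLocker on the OS volume) and compares the enabled state of local accounts against a baseline. It assumes PowerShell 5.1+ on Windows 10 / Server 2016+ with the BitLocker module available; $expectedEnabled is a constructed baseline to be replaced with your own.

```powershell
# Added example (not from the original post). Assumes PowerShell 5.1+,
# Windows 10 / Server 2016+, BitLocker module present.

# Constructed baseline: which local accounts should be enabled on this host.
$expectedEnabled = @{ 'Administrator' = $false; 'Guest' = $false }

# 1. Prevention: chntpw edits the raw SAM hive, which requires the OS volume
#    to be readable offline. BitLocker on the OS volume removes that option.
$os = Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' }
if ($null -eq $os -or $os.ProtectionStatus -ne 'On') {
    Write-Warning 'OS volume is not BitLocker-protected: the SAM hive can be edited from a live CD.'
} else {
    Write-Output ("OS volume {0} is BitLocker-protected." -f $os.MountPoint)
}

# 2. Detection: "Unlock and enable user account" sets the Enabled flag in the
#    SAM. Compare the live state of each local account with the baseline and
#    report which of them hold local Administrators membership.
$localAdmins = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.ObjectClass -eq 'User' } |
    ForEach-Object { $_.Name.Split('\')[-1] }

foreach ($user in Get-LocalUser) {
    $isAdmin = $localAdmins -contains $user.Name
    if ($expectedEnabled.ContainsKey($user.Name) -and
        $expectedEnabled[$user.Name] -ne $user.Enabled) {
        Write-Warning ("Account '{0}' is Enabled={1} but baseline says {2} (admin: {3}, last logon: {4})" -f
            $user.Name, $user.Enabled, $expectedEnabled[$user.Name], $isAdmin, $user.LastLogon)
    } elseif ($isAdmin -and $user.Enabled) {
        Write-Output ("Enabled admin account '{0}', password last set {1}" -f
            $user.Name, $user.PasswordLastSet)
    }
}
```

The baseline comparison catches the re-enable step shown above; a hash that was zeroed offline does not reliably show up in these account properties, so treat an unexpectedly enabled admin account as the signal to investigate.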
