Resetting Passwords on Windows XP and Vista
by Josh Houston on Mar.31, 2009, under Security
It happens to everyone: you sit down at your computer and draw a total blank on your password. All hope seems lost without those crucial letters and numbers, but there is still a way to get back in. Using a tool called chntpw, we can remove the password from any account.
- Open the BackTrack Folder from the Menu.
- Open Privilege Escalation
- Open PasswordAttacks
- Click on “chntpw”
- Type in “chntpw -i /mnt/hda1/Windows/system32/config/SAM”
- You may have to change the “hda1” to something else, such as hdb1, sda2 or sdb3. Try a few different combinations until you get it, or ask me for help.
- Press “1”
- I want to remove my password, and my username is simply “josh”. So here, I will type in “josh”.
- Press “1” to clear the password. If all is well, it should say “Password cleared!”
- Again, let's type in our name; mine is still “josh”.
- Press “4”.
- Why do we do this? Sometimes the account will get locked after we change the password, so we want to make sure we unlock it before we save the changes and boot back up to Windows.
- Type “!”
- Type “q”
- You will be asked, “Write hive files? (y/n) [n] :” We want to press “y” for yes.
There you go! Your password is now reset and you can log on to Windows again! Congratulations!
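The device name in the chntpw path only works if that partition is actually mounted under /mnt and the folder names match in letter case. The following is an added example, not part of the original post: the function names `find_sam_hive` and `scan_mounts` are hypothetical, and it assumes the Windows partition is already mounted somewhere under a base directory such as /mnt.

```bash
#!/usr/bin/env bash
# Added example: locate the SAM hive under mounted partitions instead of
# guessing device names and letter case by hand.

# find_sam_hive MOUNT_ROOT
# Prints the real path of <root>/Windows/System32/config/SAM, matching each
# path component case-insensitively (NTFS ignores case, Linux does not).
# Returns 1 if a component is missing, 2 if the file is not a registry hive.
find_sam_hive() {
    local path part match
    path="${1%/}"
    for part in windows system32 config sam; do
        # Search one level down for an entry with this name, ignoring case.
        match=$(find "$path" -mindepth 1 -maxdepth 1 -iname "$part" 2>/dev/null | head -n 1)
        [ -n "$match" ] || return 1
        path="$match"
    done
    [ -f "$path" ] || return 1
    # Registry hive files begin with the 4-byte signature "regf".
    [ "$(head -c 4 "$path" | tr -d '\0')" = "regf" ] || return 2
    printf '%s\n' "$path"
}

# scan_mounts [BASE]
# Checks every directory directly under BASE (default /mnt) and prints each
# SAM hive found. Returns 1 when none is found, which usually means the
# Windows partition is not mounted yet.
scan_mounts() {
    local base dir hive found
    base="${1:-/mnt}"
    found=1
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        if hive=$(find_sam_hive "$dir"); then
            printf '%s\n' "$hive"
            found=0
        fi
    done
    return "$found"
}
```

The path printed by `scan_mounts` is the one to give to `chntpw -i` in place of the hand-typed /mnt/hda1/... path.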
Questions? Comments?
Feel Free to Ask!
July 22nd, 2009 on 10:26 am
I’m having trouble accessing the directory typing: “chntpw -i /mnt/hda1/Windows/system32/config/SAM”
It continues to say “Unable to open/read a hive, exiting..”
Also, I’ve tried the other hard drive commands and still does not find the directory.
How do I find what the name of the hard drive is?
Thanks,
Brad-
August 30th, 2009 on 9:47 pm
Josh, I have tried many ways, but it's not working properly. For cracking the password I am giving a command
chntpw -i /mnt/sda2/windows/system32/config/sam
In my case the source drive is sda2; I have seen it in the storage media of BT4.
It's always giving a message that
chntpw version 0.99.5 070923 (decade), (c) petter n hagen
openhive(/mnt/sda2/windows/system32/config/sam) failed,no suh file or dictionry
I have tried many times but in vain,
please help me regarding this matter.
I will appreciate your early response.
Thanks
dani
September 26th, 2009 on 9:36 pm
It will not work for me. It states:
root@bt:~# chntpw -i /mnt/hda1/Windows/system32/config/SAM
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
openHive(/mnt/hda1/Windows/system32/config/SAM) failed: No such file or directory, trying read-only
openHive(/mnt/hda1/Windows/system32/config/SAM) in fallback RO-mode failed: No such file or directory
closing hive /mnt/hda1/Windows/system32/config/SAM
Unable to open/read a hive, exiting..
root@bt:~# chntpw -i /mnt/hdb1/Windows/system32/config/SAM
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
openHive(/mnt/hdb1/Windows/system32/config/SAM) failed: No such file or directory, trying read-only
openHive(/mnt/hdb1/Windows/system32/config/SAM) in fallback RO-mode failed: No such file or directory
closing hive /mnt/hdb1/Windows/system32/config/SAM
Unable to open/read a hive, exiting..
root@bt:~# chntpw -i /mnt/sda2/Windows/system32/config/SAM
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
openHive(/mnt/sda2/Windows/system32/config/SAM) failed: No such file or directory, trying read-only
openHive(/mnt/sda2/Windows/system32/config/SAM) in fallback RO-mode failed: No such file or directory
closing hive /mnt/sda2/Windows/system32/config/SAM
Unable to open/read a hive, exiting..
root@bt:~# chntpw -i /mnt/sda1/Windows/system32/config/SAM
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
openHive(/mnt/sda1/Windows/system32/config/SAM) failed: No such file or directory, trying read-only
openHive(/mnt/sda1/Windows/system32/config/SAM) in fallback RO-mode failed: No such file or directory
closing hive /mnt/sda1/Windows/system32/config/SAM
Unable to open/read a hive, exiting..
root@bt:~# chntpw -i /mnt/sdb3/Windows/system32/config/SAM
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
openHive(/mnt/sdb3/Windows/system32/config/SAM) failed: No such file or directory, trying read-only
openHive(/mnt/sdb3/Windows/system32/config/SAM) in fallback RO-mode failed: No such file or directory
closing hive /mnt/sdb3/Windows/system32/config/SAM
Unable to open/read a hive, exiting..
root@bt:~# chntpw -i /mnt/sdb1/Windows/system32/config/SAM
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
openHive(/mnt/sdb1/Windows/system32/config/SAM) failed: No such file or directory, trying read-only
openHive(/mnt/sdb1/Windows/system32/config/SAM) in fallback RO-mode failed: No such file or directory
closing hive /mnt/sdb1/Windows/system32/config/SAM
Unable to open/read a hive, exiting..
root@bt:~#
November 16th, 2009 on 11:25 am
Hey, have you tried to mount the drive and then navigate to the config folder after mounting your Windows to Linux? That's what I had to do. Here are some links: http://www.reallylinux.com/docs/toptip3.shtml
After you mount, go to the chntpw console and type cd /mnt/the mount name created/windows/system32/config
After that you should be able to enter the command
chntp -i SAM
Hope that helped
November 16th, 2009 on 11:27 am
Sorry for the spelling,
that last command is chntpw -i SAM
It seems like chntpw means Change the password.
January 15th, 2010 on 1:16 am
Thanks very much!
I have trouble accessing the directory too with command-line mode, so I just enter the directory (I’m using Ubuntu…), execute the command, and then done ~
Thank you very much!
February 12th, 2010 on 9:51 am
I am facing a problem during the installation of BackTrack: it requires a login and password before installation.
It identifies my hard drive as an NTFS file system and stops installing files.
March 2nd, 2010 on 12:48 pm
I am visiting your articles whenever I have free time
March 2nd, 2010 on 5:41 pm
Hello! I really love to read your blog.
March 15th, 2010 on 2:25 pm
I'm running Vista 32-bit.
So I put this:
chntpw -i /mnt/hda1/windows/system32/config/KEVIN
and it doesn’t work.
Please help me.
I have tried some combinations for hda1, but nothing =(
I don't know if for Vista it is “windows”?
And “KEVIN” for the user?
And for hda1, there must be a way to find it, and not to try at random… maybe.
I hope that you can help me.
Thanks
March 26th, 2010 on 4:04 am
I couldn’t figure out the right combination of hda1, hdb2, sda1, etc.
Please advise how to know the right combination, and what does it mean?
Also I am trying on Windows 7, does it differ much, knowing that the path of the SAM file is the same?
Thanks!
May 2nd, 2010 on 11:02 am
ERD Commander is a very good tool developed by Winternals and currently acquired by Microsoft. It is very good for systems that aren’t able to boot Windows when you cannot simply reinstall Windows since you have lots of important data stored on it.
May 2nd, 2010 on 10:10 pm
ERD (Emergency Repair Disk) Commander allows access to Windows restore points and files, can do crash analysis, can uninstall hotfixes, and can do several other low-level OS tasks. It also has network and internet access and can work like a wonder if you lost your Windows password or are looking for a data recovery solution for non-booting systems.