Tuesday, December 20, 2011

Removing Windows Admin/User Passwords Using Linux/Ubuntu 11.10

Hello Folks,

Here we shall see a small tutorial on "How to remove Windows passwords using a Linux CD".
The requirements are a Linux CD and, of course, the system whose password is to be removed/changed.

Basically, the operating system saves the list of users and their passwords in a file called SAM.
So, coming to the point, this SAM file has to be edited in order to change or remove a user's password (we can also view the list of users).

Now let's start, step by step.
1. Insert the Linux CD and boot from the CD-ROM.
2. After booting into the Linux live CD, we'll be able to browse the file system.
3. Open the terminal by pressing Ctrl+Alt+T, or press the Super (Windows) key, type "terminal" on the screen that appears, and open it.
4. After opening the terminal, navigate to the folder containing the SAM file (in Windows it is at C:/Windows/System32/config; on the live CD that is Windows/System32/config under the mount point of the Windows partition).
5. Now type
chntpw -l sam
It will show the list of users and their status (disabled/enabled, etc.).
If the terminal says "command not found" or anything like it, type the following command to install chntpw:
sudo apt-get install chntpw
6. Now select the user name whose password is to be changed. After selecting it, type the following command:
chntpw -u <username> sam
7. A menu then appears, as shown below:
- - - - User Edit Menu:
1 - Clear (blank) user password
2 - Edit (set new) user password (careful with this on XP or Vista)
3 - Promote user (make user an administrator)
(4 - Unlock and enable user account) [seems unlocked already]
q - Quit editing user, back to user select
Select: [q] >

It asks for an option; enter option 1 to clear the password. (In the terminal display below, chntpw then asks "Write hive files?", which was answered with y.)
That's it, we are done.

Now restart the system, remove the CD, and boot into the Windows operating system, which doesn't prompt for a password for the user we cleared.

You can now set whichever password you wish.
Below is the terminal display from when I used the commands.

jodiaq@jodiaq-nl:/media/529C5AB99C5A9777/Windows/System32/config$ chntpw -l sam
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
Hive name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
Page at 0x10000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 7 pages (+ 1 headerpage)
Used for data: 247/52224 blocks/bytes, unused: 10/8992 blocks/bytes.
* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length : 0
Password history count : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator | ADMIN | |
| 01f5 | Guest | | dis/lock |
| 03e8 | ss | ADMIN | |
jodiaq@jodiaq-nl:/media/529C5AB99C5A9777/Windows/System32/config$ chntpw -u ss sam
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
Hive name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
Page at 0x10000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 7 pages (+ 1 headerpage)
Used for data: 247/52224 blocks/bytes, unused: 10/8992 blocks/bytes.
* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length : 0
Password history count : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator | ADMIN | |
| 01f5 | Guest | | dis/lock |
| 03e8 | ss | ADMIN | |
---------------------> SYSKEY CHECK <-----------------------
SYSTEM SecureBoot : -1 -> Not Set (not installed, good!)
SAM Account\F : 0 -> off
SECURITY PolSecretEncryptionKey: -1 -> Not Set (OK if this is NT4)
Syskey not installed!
RID : 1000 [03e8]
Username: ss
fullname: johnmiller
comment :
homedir :
User is member of 1 groups:
00000220 = Administrators (which has 2 members)
Account bits: 0x0214 =
[ ] Disabled | [ ] Homedir req. | [X] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |
[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |
Failed login count: 0, while max tries is: 0
Total login count: 47
- - - - User Edit Menu:
1 - Clear (blank) user password
2 - Edit (set new) user password (careful with this on XP or Vista)
3 - Promote user (make user an administrator)
(4 - Unlock and enable user account) [seems unlocked already]
q - Quit editing user, back to user select
Select: [q] > 1
Hives that have changed:
# Name
0
Write hive files? (y/n) [n] : y
0 - OK
jodiaq@jodiaq-nl:/media/529C5AB99C5A9777/Windows/System32/config$
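
The user table and the "Account bits: 0x0214" line in the display above can be read mechanically when reviewing a machine's accounts. The script below is an added example, not part of the original post: it works only on saved chntpw text output, the function names are this example's own, and the bit order is assumed to follow the flag grid chntpw prints (first box = lowest bit).

```shell
#!/bin/sh
# Added example: read-only review of saved chntpw output; the hive is never touched.

# Constructed sample: the user table in the format shown in the terminal display.
SAMPLE_LIST='| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator | ADMIN | |
| 01f5 | Guest | | dis/lock |
| 03e8 | ss | ADMIN | |'

# enabled_admins < listing : usernames marked ADMIN and not dis/lock
enabled_admins() {
  awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NF >= 5 && trim($2) ~ /^[0-9a-fA-F]+$/ &&
      trim($4) == "ADMIN" && trim($5) !~ /dis|lock/ { print trim($3) }'
}

# decode_acb 0x0214 : print the names of the account bits that are set
decode_acb() {
  # Accept only 0x-prefixed hex; never pass free text to shell arithmetic.
  case $1 in
    0x*[!0-9a-fA-F]*|0x) return 2 ;;
    0x*) ;;
    *) return 2 ;;
  esac
  value=$(( $1 )); mask=1; out=""
  for name in DISABLED HOMEDIR_REQ PASSWD_NOT_REQ TEMP_DUPLICATE \
              NORMAL_ACCOUNT NMS_ACCOUNT DOMAIN_TRUST WKS_TRUST \
              SRV_TRUST PWD_NO_EXPIRE AUTO_LOCKOUT; do
    if [ $(( value & mask )) -ne 0 ]; then out="$out $name"; fi
    mask=$(( mask * 2 ))
  done
  echo "${out# }"
}

# blank_password_allowed 0x0214 : exit 0 if the account is enabled and
# carries the "Passwd not req." bit, exit 1 otherwise, exit 2 on bad input
blank_password_allowed() {
  flags=$(decode_acb "$1") || return 2
  case " $flags " in *" DISABLED "*) return 1 ;; esac
  case " $flags " in *" PASSWD_NOT_REQ "*) return 0 ;; esac
  return 1
}

# Demonstration on the values shown on this page.
printf '%s\n' "$SAMPLE_LIST" | enabled_admins
decode_acb 0x0214
blank_password_allowed 0x0214 && echo "review: blank password permitted"
```

Run against the sample, it lists Administrator and ss as enabled administrators and decodes 0x0214 to the same three boxes ticked in the display.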
