Windows Passwort zurücksetzen mit chntpw

Aus xinux.net
Zur Navigation springen Zur Suche springen

Bearbeiten von „Chntpw“

kali linux starten

Im Forensic Modus

Chntpw-1.png

Terminal starten

Wo ist die Windows Partition

  • fdisk -l /dev/sda
Disk /dev/sda: 20 GiB, 21474836480 bytes, 41943040 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x16245839

Device     Boot  Start      End  Sectors  Size Id Type
/dev/sda1  *      2048   206847   204800  100M  7 HPFS/NTFS/exFAT
/dev/sda2       206848 41940991 41734144 19.9G  7 HPFS/NTFS/exFAT

Mounten

  • mount /dev/sda2 /mnt/

Chdir

  • cd /mnt/Windows/System32/config

list

  • chntpw -l SAM
chntpw version 1.00 140201, (c) Petter N Hagen
Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
File size 262144 [40000] bytes, containing 8 pages (+ 1 headerpage)
Used for data: 291/56144 blocks/bytes, unused: 18/9136 blocks/bytes.

| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 01f5 | Gast                           |        | dis/lock |
| 03e9 | Jan                            | ADMIN  |          |
| 03ee | thomas                         | ADMIN  |          |
| 03ec | xinux                          | ADMIN  |          |

edit

  • chntpw -u xinux SAM
chntpw version 1.00 140201, (c) Petter N Hagen
Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
File size 262144 [40000] bytes, containing 8 pages (+ 1 headerpage)
Used for data: 291/56144 blocks/bytes, unused: 18/9136 blocks/bytes.

================= USER EDIT ====================

RID     : 1004 [03ec]
Username: xinux
fullname: xinux
comment : 
homedir : 

00000220 = Administratoren (which has 4 members)
000003ed = HomeUsers (which has 2 members)

Account bits: 0x0010 =
[ ] Disabled        | [ ] Homedir req.    | [ ] Passwd not req. | 
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     | 
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   | 
[ ] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  | 
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  | 

Failed login count: 0, while max tries is: 0
Total  login count: 14

- - - - User Edit Menu:
 1 - Clear (blank) user password
(2 - Unlock and enable user account) [seems unlocked already]
 3 - Promote user (make user an administrator)
 4 - Add user to a group
 5 - Remove user from a group
 q - Quit editing user, back to user select
  • "1" eintippen und Enter (Für: 1 - Clear (blank) user password)
  • Danach Windows starten und ohne Passwort abfrage anmelden

Links

Abgerufen von „https://xinux.net/index.php?title=Windows_Passwort_zurücksetzen_mit_chntpw&oldid=22115