Old 05-19-2005, 11:39 AM   #1
halo14
Senior Member
 
Registered: Apr 2004
Location: Surprise, AZ
Distribution: Debian | CentOS | Arch
Posts: 1,103

Rep: Reputation: 45
Resetting Windows Passwords with Knoppix


Inspired by/Information from KNOPPIX HACKS O'Reilly book, using captive-ntfs and chntpw utility.

Resetting Lost Windows NT Passwords with KNOPPIX Linux

Situation:
You have forgotten a local user password on a Microsoft Windows NT, 2000, XP, 2003 computer. This is especially useful if the forgotten password is for the ‘Administrator’ account.

What you’ll need:
A copy of KNOPPIX Linux. Any version should do fine; in my example I am using KNOPPIX 3.4, which is actually slightly outdated, but we don’t need any of the newer KNOPPIX features for this example.

User accounts have an interesting history in Windows. The Windows 9x series did offer usernames and passwords, but every user could overwrite every other user’s files, and the system did not offer any real security. If you forgot your password in Windows 9x, resetting it is as simple as deleting a .pwd file with a DOS disk. With Windows NT, 2000, and XP, Microsoft has increased its user security by creating different user accounts on the same system and passwords that protect them. However, unlike in Windows 9x, if you forget your Administrator password, your only recourse is to purchase a tool to reset your Windows password or to reinstall Windows to create a new administrator account. If you have a Knoppix disc, you can download and use the ‘chntpw’ tool, which is a small program that lets you reset the local passwords on a Windows system, and return to your system.

First step is, obviously, to boot the computer with Knoppix. There are multiple ways to get chntpw, but luckily for us, it’s now part of Debian’s ‘unstable’ repositories. Since Knoppix is Debian based, we can get the latest .deb file from http://packages.debian.org/unstable/admin/chntpw. Download the file to your /home/Knoppix folder. Since most of the Knoppix system is read-only, we can’t directly install the .deb package. Instead, you must convert it to a tar file, and then extract out the chntpw utility. Open up a terminal and run the following commands:
Code:
Knoppix@ttyp1[knoppix]$ alien --to-tgz chntpw_<version>.deb
Knoppix@ttyp1[knoppix]$ tar xvzf chntpw<version>.tgz ./usr/sbin/chntpw
Knoppix@ttyp1[knoppix]$ mv ./usr/sbin/chntpw ./
Once you have finished with these commands, the chntpw utility is in /home/Knoppix and ready to use. Now let’s reset the password!

To reset the password, you must have write permissions on the Windows partition. If you have a FAT or FAT32 Windows partition, this is easy. However, the standard and common file system for Windows NT, 2000, and XP is NTFS. So now I will explain how to mount your Windows partition using ‘captive-ntfs’. As of Knoppix 3.4, Captive NTFS is included on the CD. Captive NTFS is actually a process that uses the NTFS drivers that Windows itself uses.
Though it has worked for many people, it is still considered somewhat experimental, and anything of great importance should be backed up prior to use.

Knoppix includes an easy-to-use Captive NTFS wizard which will scan the hard drives for the necessary NTFS .dlls. Access the wizard by K-Menu -> KNOPPIX -> Utilities -> Captive NTFS. Click forward to see a list of the system files that Captive NTFS has already located on your Knoppix system. Click forward again, and the wizard mounts and scans your hard drives for the essential files it needs.

Once Captive NTFS has the module it needs, it activates the OK button even though it continues to scan other directories and partitions for drivers. If you are in a hurry, you can click OK to immediately mount the NTFS partitions. If you wait for the scan to finish, you are prompted with an option to specify locations for drivers, such as a USB flash drive, or click forward to download the drivers from the Windows XP Service Pack 1.

Once you are finished with the wizard, you are ready to mount an NTFS partition. Open up a terminal and use the following command:
Code:
Knoppix@ttyp1[knoppix]$ sudo mount -t captive-ntfs -o uid=Knoppix,gid=Knoppix /dev/hda1 /mnt/hda1
Obviously, replace the name of the partition, if it is not correct. The -t option is used to specify file-system type, use captive-ntfs to use the NTFS drivers that the captive ntfs wizard previously found. The -o argument tells mount to make user and group ‘knoppix’ the owner of this drive. Now that this drive is mounted, you have full read/write access to the drive and the possibility to do unlimited good and evil to your drive.

Make sure to unmount the drive after you’re done to be sure that changes are synced!!!!
Code:
Knoppix@ttyp1[knoppix]$ sudo umount /mnt/hda1
Now to continue resetting the password. Once the partition is mounted, we must find the directory containing the SAM file. For Windows 2000 and XP systems, this should be under /winnt/system32/config and /windows/system32/config, respectively. In this example, navigate to /mnt/hda1/windows/system32/config directory. You should see a number of files, including SAM, SYSTEM, and SECURITY that may or may not be in all caps. Now, to reset the ‘Administrator’ password, do the following:
Code:
Knoppix@ttyp1[config]$ /home/Knoppix/chntpw SAM
You will see a few messages, and at the end should be prompted with an option to enter the new password. It is my strong recommendation that you simply reset (blank) the password by using the asterisk (*). I have not had good luck changing the password to something new, but blanking it works all the time from my experience. So, do the following:
Code:
Please enter new password: *
Hit [Enter]

There you go! You should now have a blank password on the local Administrator account of that Windows installation. If you want to reset the password for any account other than ‘Administrator’ you can use the following commands:
Code:
Knoppix@ttyp1[config]$ /home/knoppix/chntpw -l SAM
To view all user accounts on the system
Code:
Knoppix@ttyp1[config]$ /home/knoppix/chntpw -u username SAM
To reset the account password for the username of your choice.

Once you have changed the password and saved your changes, unmount the filesystem and reboot:
Code:
Knoppix@ttyp1[config]$ cd
Knoppix@ttyp1[knoppix]$ sudo umount /dev/hda1
Knoppix@ttyp1[knoppix]$ sudo reboot
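
As an added example that is not part of the original post: a small shell helper for the steps above that finds the config directory whatever its letter case (winnt or windows, SAM or sam) and copies the SAM, SYSTEM and SECURITY hives aside before chntpw edits SAM. The function names and the backup destination are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: back up the registry hives before editing SAM.
# Usage: sh backup_hives.sh /mnt/hda1 /home/knoppix/hive-backup

# resolve_ci BASE NAME...: walk path components, matching each one
# case-insensitively, and print the real on-disk path.
resolve_ci() {
    local cur="$1" comp entry name found
    shift
    for comp in "$@"; do
        found=
        for entry in "$cur"/*; do
            [ -e "$entry" ] || continue
            name=$(printf '%s' "${entry##*/}" | tr '[:upper:]' '[:lower:]')
            if [ "$name" = "$comp" ]; then found=$entry; break; fi
        done
        [ -n "$found" ] || return 1
        cur=$found
    done
    printf '%s\n' "$cur"
}

# find_config_dir MOUNTPOINT: try windows/ first, then winnt/.
find_config_dir() {
    local win
    for win in windows winnt; do
        resolve_ci "$1" "$win" system32 config && return 0
    done
    return 1
}

# backup_hives MOUNTPOINT DEST: copy the three hives (exact names only,
# so SAM.LOG and friends are skipped) and print the config directory.
backup_hives() {
    local cfg hive src dest="$2"
    cfg=$(find_config_dir "$1") || { echo "no config dir under $1" >&2; return 1; }
    mkdir -p "$dest" || return 1
    for hive in sam system security; do
        src=$(resolve_ci "$cfg" "$hive") || { echo "missing hive: $hive" >&2; return 1; }
        cp -p "$src" "$dest/" || return 1
    done
    printf '%s\n' "$cfg"
}

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then backup_hives "$1" "$2"; fi
```

To undo an edit, copy the saved SAM back into the printed config directory while the partition is still mounted read/write.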
 
Old 05-19-2005, 01:05 PM   #2
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 475
Nice, this would also fit very nicely in the Tutorials section. If you submit it there it's less likely to get buried under other posts.
 
Old 05-19-2005, 02:42 PM   #3
halo14
Senior Member
 
Registered: Apr 2004
Location: Surprise, AZ
Distribution: Debian | CentOS | Arch
Posts: 1,103

Original Poster
Rep: Reputation: 45
submitted
 
Old 04-22-2006, 09:23 PM   #4
StrongB@d
LQ Newbie
 
Registered: Apr 2006
Posts: 3

Rep: Reputation: 0
UPDATED: Knoppix 4.02 CD, for Dell intel controller and SATA drive with NTFS partition.
problems: Knoppix 4 CD does not contain captive-ntfs, I am using a new Dell with SATA and an intel controller (it seems knoppix is one of the few distros with the ability to recognize the drives -/dev/sda).

1. mount the ntfs partition using the instructions on the KNOPPIX CD:
"It will work on Knoppix 4 (adding a few files, modifying files) using
the description in the KNOPPIX/linux-ntfs/FOR-DEVELOPERS.txt for
libntfs+fuse, or regularly and transparent on Knoppix 5 with the
included mount.ntfs". -Klaus Knopper

2. continue with chntpw instructions above.

Good luck
 
Old 04-22-2006, 09:40 PM   #5
manishsingh4u
Member
 
Registered: Oct 2005
Location: Bhopal, India
Distribution: RHEL 6
Posts: 422

Rep: Reputation: 30
Nice thread. Posting here to subscribe. Anyway, I have a linux like boot CD which I used on my Windows 2000 installation to recover my password. I have Knoppix too, Will try my hands on this one too. You can make a nice tutorial on this one.
 
Old 04-24-2006, 03:06 PM   #6
halo14
Senior Member
 
Registered: Apr 2004
Location: Surprise, AZ
Distribution: Debian | CentOS | Arch
Posts: 1,103

Original Poster
Rep: Reputation: 45
thanks for the update...

Yeah, I should probably rewrite this tutorial for knoppix 5... but... even i don't have knoppix 5 yet :P soon enough though
 
Old 04-27-2006, 05:43 AM   #7
waspinagermanhelmet
LQ Newbie
 
Registered: Apr 2006
Location: Birmingham UK
Distribution: Kubuntu, Elive installed version, Grafpup Live CD, Puppy - Installed on old laptop
Posts: 21

Rep: Reputation: 15
erm... could this be used to change passwords on our 2003 server ? Better lock the Server room I think!
 
Old 04-27-2006, 02:43 PM   #8
spooon
Senior Member
 
Registered: Aug 2005
Posts: 1,755

Rep: Reputation: 51
A lot easier is the Offline NT Password & Registry Editor, an open-source program that comes on a boot floppy or boot CD and can safely change arbitrary passwords or registry entries on NTFS.

Last edited by spooon; 04-27-2006 at 02:47 PM.
 
Old 05-03-2006, 02:03 AM   #9
StrongB@d
LQ Newbie
 
Registered: Apr 2006
Posts: 3

Rep: Reputation: 0
Nope. sorry spooon. The Offline NT Password & Registry Editor, which is a great product, also did not recognize the Dell SATA controller. Maybe with the next driver update.
 
Old 03-01-2007, 03:49 PM   #10
balrog_svr
LQ Newbie
 
Registered: Mar 2007
Posts: 2

Rep: Reputation: 0
A little bit of additional info

I am a newbie. Following your instructions I noticed that each time I would scan to get my captive ntfs.sys module enabled, my captive screen would just disappear. Later on I figured out that this was due to the fact that if you run Knoppix 3.6 and you go to run Captive NTFS from the Knoppix Utilities menu, I would run it as a knoppix user and not as root. Also, if I tried to log in as root it would request a password. After playing with it I figured out the way around this limitation. So the following steps fixed my problem:

1. I opened shell and entered sudo -s which allowed me to get root shell
2. I copied from /mnt/hda1/windows/system32/drivers two files to /var/lib/captive

cp /mnt/hda1/windows/system32/drivers/ntfs.sys /var/lib/captive/
cp /mnt/hda1/windows/system32/drivers/ntoskrnl.exe /var/lib/captive/

3. I ran the previously provided command with a small difference: I changed my uid to lowercase, as my shell showed:
mount -t captive-ntfs -o uid=knoppix,gid=knoppix /dev/hda1 /mnt/hda1

and it worked. I hope that this comment will help other newbies like me. I assume that when this post was placed it was assumed that the user should run the Knoppix utilities Captive NTFS as root.
 
Old 03-20-2007, 09:01 PM   #11
gejr
Member
 
Registered: Apr 2006
Posts: 53

Rep: Reputation: 15
I've needed this once, and I used a "distro" called Ophcrack. Couldn't be simpler, just boot from the CD and the password for Windows admin was recovered in less than 5 minutes. Didn't require any clicking at all. All automatic. And the computer didn't even have a fast CPU.
 
Old 10-24-2007, 01:36 PM   #12
Rick Z
LQ Newbie
 
Registered: Aug 2007
Posts: 2

Rep: Reputation: 0
Great post.

I followed the instructions and made the pw reset.

I have a further question about resetting the password remotely. Can Knoppix remotely change a user's password? In other words, can we change any user's account while the OS (Windows) is running?

Thanks.
 
Old 10-24-2007, 07:43 PM   #13
AceofSpades19
Senior Member
 
Registered: Feb 2007
Location: Chilliwack,BC.Canada
Distribution: Slackware64 -current
Posts: 2,079

Rep: Reputation: 58
Can this method be used on vista?
 
Old 10-25-2007, 05:55 AM   #14
gejr
Member
 
Registered: Apr 2006
Posts: 53

Rep: Reputation: 15
Quote:
Originally Posted by AceofSpades19
Can this method be used on vista?
I know OphCrack works with Vista.
 
Old 05-06-2009, 08:05 AM   #15
cccc
Senior Member
 
Registered: Sep 2003
Distribution: Debian Squeeze / Wheezy
Posts: 1,623

Rep: Reputation: 51
Quote:
Originally Posted by halo14
Inspired by/Information from KNOPPIX HACKS O'Reilly book, using captive-ntfs and chntpw utility.

Resetting Lost Windows NT Passwords with KNOPPIX Linux

Situation:
You have forgotten a local user password on a Microsoft Windows NT, 2000, XP, 2003 computer. This is especially useful if the forgotten password is for the ‘Administrator’ account.

Does it work to reset the Administrator password on XP SP3 as well?
 
  

