LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 05-02-2004, 04:35 PM   #1
doctor_damien
LQ Newbie
 
Registered: Apr 2004
Posts: 3

Rep: Reputation: 0
Question Recovering XP Password using Knoppix




I am so new to Linux /Unix that I am still in nappies (Aussie speak for diapers) so please forgive the basic questions.

I am trying to revover the admin /root password to an XP machine. An employee of mine was terminated for cause and did not reveal the password before he left. Normally I would just do a new /fresh install of the op system /corporate drive image but I need the sales data that is on it. Hence this request.

This is what I am trying to do (thanks to a TechTV.com dark tip)

1. Boot with Knoppix STD and launch a shell.
2. From the shell, you can view all your NTFS partitions via the LinuxNTFS built into Knoppix STD.
3. Navigate to the windows\system32\config directory.
4. Copy the SAM and system files to a USB thumbdrive.

I have even bought and registered a copy of LC4, just in case I need it

I can't get past step 1

It loads okay but then I don't have enough memory to load any of the included KDE's ("Windows emulators") so I need your help to walk me through the commands that I would use to enable me to mount the XP HDD, the USB flash drive and then navigate to the windows dir to copy the SAM and SYSTEM files to the USB drive. How do I launch a shell exactly and then what do I do once I have the prompt? I don't know what name my machine gives the physical HDD nor do I know where on the knoppix CD the commands I need are going to be located (user/bin?).

I have looked through the Knoppix help site and even tried altavista.babel.com to translate it from German and I just get more and more frustrated. I have searched the forum and have not found any similar requests no matter what boolean thinking I use

Any help would be most grateful.

Thanks in advance,
Damien
 
Old 05-02-2004, 04:44 PM   #2
doctor_damien
LQ Newbie
 
Registered: Apr 2004
Posts: 3

Original Poster
Rep: Reputation: 0
Oh, and I have heard about NTpass or whatever it is that allows me to re-set the password but the database (sorry, it's an access one) reads the password somehow (as my IT guy tells me) so I can't just change it without corrupting the data. Maybe I should hire a new IT guy who knows UNIX stuff hey *laugh*
 
Old 05-02-2004, 07:40 PM   #3
Demonbane
Guru
 
Registered: Aug 2003
Location: Sydney, Australia
Distribution: Gentoo
Posts: 1,796

Rep: Reputation: 47
tried using this?
http://home.eunet.no/~pnordahl/ntpasswd/

I had more luck blanking the password other than changing to something else(enter an asterix when it prompts you for a new password)
If there are files encrypted with EFS then unfortunately you won't be able to recover them.
 
Old 05-02-2004, 09:32 PM   #4
Qucho
Member
 
Registered: Mar 2004
Location: Colorado, US
Distribution: Debian "Sarge"
Posts: 228

Rep: Reputation: 30
You can recover the files in that machine even the ones in the user personal files, regardless if he has encrypted folders.

I need to leave now and I dont have time to give you all the 'step by step' solution, but the way you achive this in the big scope of things as I can recall at this moment is:

You need a partition in your hard disk formated in FAT32
You need to install there your WindowsXP (since you can not access to your current installation)

Install the Backup utility from XP (this comes in the profesional edition) if you got the home edition then you need to browse you WinXP installation disk, I think in a folder called 'extras' you can install it from there.

Now once you boot in the new installed Windows you make a backup of the NTFS partitions of the encrypted files.

Recover:
To gain access to the encrypted files you restore them in the FAT32 partition, here the backup utility will 'warn' you about loosing the encryption (this is what we wanted )

Restore them and there you go !!!!
Now you can access to those files !!!!
 
Old 05-02-2004, 09:57 PM   #5
trey85stang
Senior Member
 
Registered: Sep 2003
Posts: 1,090

Rep: Reputation: 41
I had (up until yester) a linux boot floppy in bin format, it booted up and scanned usernames and passwords for NT based machines... you should search the net.. they are out there note: these are for local accounts.

Honestly i just wiped my drive yesterday and did not back it up or i would send it to you
 
Old 05-03-2004, 01:54 AM   #6
doctor_damien
LQ Newbie
 
Registered: Apr 2004
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks for all your suggestions guys. I appreciate it. The files were encrypted with EFS so the ntpasswd (which is on the Knoppix CD) would not work in this case. I'm not sure how I can create a partition on an already Fdisked NTFS drive with 1 active partition and no room to create another without fdisking all over again. Maybe more memory will allow me to load the KDS so that I can get the SAM and SYSTEM files? It's probably not that simple though (is it ever?) :-) If there are any unix guys out there that have an hour or so that can type out some code for me to mount drives and copy files, I would be greatful. I have noted the suggestions and thank their contributors. They were definitely thinking outside my XP box *Laugh*
 
Old 05-03-2004, 03:09 AM   #7
Qucho
Member
 
Registered: Mar 2004
Location: Colorado, US
Distribution: Debian "Sarge"
Posts: 228

Rep: Reputation: 30
In Knoppix you might find a tool called Qparted. You can use this tool to resize the windows partition, then create a new partition in the free space generated.

The problem at this point would be that any present partition can only be resized to the last chunk of data. So if you have data at the end of the disk/partition this will not work at all.

Now, I if your data is that important... how about taking the HDD out of that PC and plug it temporarily in another PC with a WindowsXP over FAT32 ??

or grabbing another empty HDD laying arround (LOL.. I know...) and install it in the troubled PC so you can install the FAT32 partition???

I know is not the most elegant solution but .. hey... still a solution.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
recovering root password isaacvimal Red Hat 3 04-02-2005 08:47 AM
Recovering Linux Password. chamalsl Linux - Security 6 02-14-2005 11:16 AM
Knoppix 3.4 password help Mandrake92 Linux - General 6 06-07-2004 02:25 PM
Recovering Lost Admin. Password Mr Neroazzurri Linux - Security 4 03-14-2003 05:26 PM
recovering root password in rh using lilo farhan Linux - General 1 03-01-2003 08:45 PM


All times are GMT -5. The time now is 01:43 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration