LinuxQuestions.org - Recovering XP Password using Knoppix

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - Recovering XP Password using Knoppix (https://www.linuxquestions.org/questions/linux-newbie-8/recovering-xp-password-using-knoppix-177073/)

Recovering XP Password using Knoppix

:confused:

I am so new to Linux /Unix that I am still in nappies (Aussie speak for diapers) so please forgive the basic questions.

I am trying to revover the admin /root password to an XP machine. An employee of mine was terminated for cause and did not reveal the password before he left. Normally I would just do a new /fresh install of the op system /corporate drive image but I need the sales data that is on it. Hence this request.

This is what I am trying to do (thanks to a TechTV.com dark tip)

1. Boot with Knoppix STD and launch a shell.
2. From the shell, you can view all your NTFS partitions via the LinuxNTFS built into Knoppix STD.
3. Navigate to the windows\system32\config directory.
4. Copy the SAM and system files to a USB thumbdrive.

I have even bought and registered a copy of LC4, just in case I need it :)

I can't get past step 1 :cry:

It loads okay but then I don't have enough memory to load any of the included KDE's ("Windows emulators") so I need your help to walk me through the commands that I would use to enable me to mount the XP HDD, the USB flash drive and then navigate to the windows dir to copy the SAM and SYSTEM files to the USB drive. How do I launch a shell exactly and then what do I do once I have the prompt? I don't know what name my machine gives the physical HDD nor do I know where on the knoppix CD the commands I need are going to be located (user/bin?).

I have looked through the Knoppix help site and even tried altavista.babel.com to translate it from German and I just get more and more frustrated. I have searched the forum and have not found any similar requests no matter what boolean thinking I use :)

Any help would be most grateful.

Thanks in advance,
Damien

Oh, and I have heard about NTpass or whatever it is that allows me to re-set the password but the database (sorry, it's an access one) reads the password somehow (as my IT guy tells me) so I can't just change it without corrupting the data. Maybe I should hire a new IT guy who knows UNIX stuff hey *laugh*

tried using this?
http://home.eunet.no/~pnordahl/ntpasswd/

I had more luck blanking the password other than changing to something else(enter an asterix when it prompts you for a new password)
If there are files encrypted with EFS then unfortunately you won't be able to recover them.

You can recover the files in that machine even the ones in the user personal files, regardless if he has encrypted folders.

I need to leave now and I dont have time to give you all the 'step by step' solution, but the way you achive this in the big scope of things as I can recall at this moment is:

You need a partition in your hard disk formated in FAT32
You need to install there your WindowsXP (since you can not access to your current installation)

Install the Backup utility from XP (this comes in the profesional edition) if you got the home edition then you need to browse you WinXP installation disk, I think in a folder called 'extras' you can install it from there.

Now once you boot in the new installed Windows you make a backup of the NTFS partitions of the encrypted files.

Recover:
To gain access to the encrypted files you restore them in the FAT32 partition, here the backup utility will 'warn' you about loosing the encryption (this is what we wanted ;) )

Restore them and there you go !!!!
Now you can access to those files !!!!

I had (up until yester) a linux boot floppy in bin format, it booted up and scanned usernames and passwords for NT based machines... you should search the net.. they are out there note: these are for local accounts.

Honestly i just wiped my drive yesterday and did not back it up :( or i would send it to you :)

Thanks for all your suggestions guys. I appreciate it. The files were encrypted with EFS so the ntpasswd (which is on the Knoppix CD) would not work in this case. I'm not sure how I can create a partition on an already Fdisked NTFS drive with 1 active partition and no room to create another without fdisking all over again. Maybe more memory will allow me to load the KDS so that I can get the SAM and SYSTEM files? It's probably not that simple though (is it ever?) :-) If there are any unix guys out there that have an hour or so that can type out some code for me to mount drives and copy files, I would be greatful. I have noted the suggestions and thank their contributors. They were definitely thinking outside my XP box *Laugh*

In Knoppix you might find a tool called Qparted. You can use this tool to resize the windows partition, then create a new partition in the free space generated.

The problem at this point would be that any present partition can only be resized to the last chunk of data. So if you have data at the end of the disk/partition this will not work at all.

Now, I if your data is that important... how about taking the HDD out of that PC and plug it temporarily in another PC with a WindowsXP over FAT32 ??

or grabbing another empty HDD laying arround (LOL.. I know...) and install it in the troubled PC so you can install the FAT32 partition???

I know is not the most elegant solution but .. hey... still a solution.