SOHO : Small Office Home Office
Freeware - Opensource software tips, tricks, tweaks & fixes for managing, securing, improving the performance of SOHO Desktop, Laptop, Networks

Friday, January 28, 2011

Changing Windows passwords with Linux and CHNTPW + video tutorial

How to reset a Windows password using Linux

You may need to reset an admin or user password in Windows for many reasons: you've forgotten it, or you have been given a Windows system that you need to repair and don't have access to the admin password.  Thankfully it couldn't be easier with a Linux system and a package called chntpw.

Chntpw is a program designed to overwrite Windows NT/2000 SAM passwords.

It is pretty easy to use and can be found and installed using apt-get ($ sudo apt-get install chntpw) if you're using a Debian-based system, and it is more than likely in other distributions' package managers.  However you can download it from  

It can only be used on a local machine and cannot be used on a remote machine.  The NT system needs to be offline (turned off), and there are many security distributions that you can boot in live CD mode to mount the Windows drive and reset passwords.  However, I'm just going to use my normal install, and I'm going to mount the Windows drive via a USB caddy.

First you need to mount the drive

Then you need to locate the SAM file, which for Windows 2000 and XP is normally located at windows/system32/config or winnt/system32/config.  When you navigate there you should find a number of files such as SAM, SYSTEM and SECURITY.

Once you have located the SAM you can start using chntpw.

chntpw -h

The above will give you a list of options for chntpw

#chntpw help and usage 

chntpw version 0.99.3 040818, (c) Petter N Hagen
chntpw: change password of a user in a NT SAM file, or invoke registry editor.
chntpw [OPTIONS] <samfile> [systemfile] [securityfile] [otherreghive] [...]
 -h          This message
 -u <user>   Username to change, Administrator is default
 -l          list all users in SAM file
 -i          Interactive. List users (as -l) then ask for username to change
 -e          Registry editor. Now with full write support!
 -d          Enter buffer debugger instead (hex editor), 
 -t          Trace. Show hexdump of structs/segments. (deprecated debug function)
 -v          Be a little more verbose (for debuging)
 -L          Write names of changed files to /tmp/changed
 -N          No allocation mode. Only (old style) same length overwrites possible
See readme file on how to extract/read/write the NT's SAM file
if it's on an NTFS partition!
Source/binary freely distributable. See README/COPYING for details
NOTE: This program is somewhat hackish! You are on your own!


So you can use 

chntpw -l SAM

This will list all the users in the SAM file.

chntpw SAM

The above will change the password of the Administrator account, which is the default user when no -u option is given.

chntpw -u USERNAME SAM

The above will change the password of a specific user.

Once you are done, unmount the drive and boot the Windows system; the password should now be whatever you changed it to.
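The "locate the SAM file" step above, plus a backup of the hives before chntpw writes to them, as an added example that is not part of the original post. The function names, the /mnt/win mount point and the backup directory are assumptions made for illustration.

```shell
# Added example (not from the original post): find the SAM hive under a
# mounted Windows volume and back the hives up before chntpw edits them.

# ci_child DIR NAME: print the entry of DIR whose name equals NAME ignoring
# case (NTFS is case-insensitive, so WINDOWS, Windows and windows all occur).
ci_child() {
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    for entry in "$1"/*; do
        [ -e "$entry" ] || continue
        name=$(basename "$entry" | tr '[:upper:]' '[:lower:]')
        if [ "$name" = "$want" ]; then
            printf '%s\n' "$entry"
            return 0
        fi
    done
    return 1
}

# find_config_dir MOUNTPOINT: print the directory that holds the SAM hive,
# trying windows/system32/config first and winnt/system32/config second.
find_config_dir() {
    for root in windows winnt; do
        dir=${1%/}
        for part in "$root" system32 config; do
            dir=$(ci_child "$dir" "$part") || continue 2
        done
        if ci_child "$dir" sam >/dev/null; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# backup_hives CONFIGDIR BACKUPDIR: copy SAM, SYSTEM and SECURITY, verify each
# copy byte-for-byte, and fail unless a copy of SAM exists afterwards.
backup_hives() {
    mkdir -p "$2" || return 1
    for hive in sam system security; do
        src=$(ci_child "$1" "$hive") || continue   # hive not present: skip it
        cp -p "$src" "$2/" || return 1
        cmp -s "$src" "$2/$(basename "$src")" || return 1
    done
    ci_child "$2" sam >/dev/null
}

# Usage, assuming the volume is mounted at /mnt/win (hypothetical path):
#   cfg=$(find_config_dir /mnt/win) && backup_hives "$cfg" "$HOME/hive-backup" \
#       && chntpw -l "$(ci_child "$cfg" sam)"
```

If the edited system does not boot or log in as expected, copying the saved files back into the config directory restores the original hives.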

Edit : Video tutorial created by Kris

You will find many more interesting videos by Kriss on his web site :
