Tuesday, September 29, 2009

Forgot that Windows password?

There are many ways to get back into a Windows box whose password has been lost. I just wanted to share this for those who might run into some of the problems I have seen.

You might run into a situation where you need to reset the local administrator password on a Windows box. You might reboot into something like NT Password (the Offline NT Password & Registry Editor boot disk, which is built around chntpw). Now comes the problem: you boot into it and it doesn't want to mount your drives, or doesn't seem to find the SAM file. I did notice this happens more often when the system has been shut down improperly. To fix that issue, just reboot into Safe Mode, which will normally let you shut down properly. You might have to do this more than once. If that still doesn't work, have no fear:

Boot into BackTrack. After you're booted up, check your mounts with the mount command. If you see your Windows system partition, you're set; if not, try to mount it with the following:

ntfs-3g /dev/sda2 /mnt/sda2 -o force

That should mount your drive. It assumes the Windows partition is sda2 and that the mount point /mnt/sda2 exists (create it with mkdir if it doesn't). If your partition is something else, substitute it here; if you don't know which one it is, check fdisk -l and dmesg. The -o force option tells ntfs-3g to mount a volume that was not cleanly unmounted, which is exactly the case after an improper shutdown. Do not use it on a machine that was hibernated rather than shut down: Windows resumes from hiberfil.sys and will discard or corrupt whatever was written to the volume while it was asleep.

After it is mounted, cd into the /pentest/password/chntpw directory.

Run the following:

chntpw -l /mnt/sda2/WINDOWS/system32/config/SAM

This should list the users that exist in the SAM file of the mounted Windows install. Note that ntfs-3g is case-sensitive, so the path has to match what is actually on disk: WINDOWS/system32 on XP and 2003, Windows/System32 on Vista and later. If chntpw reports that it can't open the file, ls the mount point and correct the case before assuming the hive is missing.

To change the password do the following:

chntpw -u Administrator /mnt/sda2/WINDOWS/system32/config/SAM

*Note: if the username contains a space, put it in quotes.*

This presents a menu of what to change. Choose the option to clear (blank) the password. You can also set a new one, but I have found blanking it to be the easiest. Set the password you actually want once you get the box back up.

After you modify the password, answer yes when chntpw asks whether to write the hive files; if you don't, nothing changes on disk. Because the volume was mounted dirty, Windows may want to run a disk check (chkdsk) on the next boot. Skip it on the first boot, change the password once you are logged in, then reboot and let it run.
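The steps above, pulled together into one script. This is an added example and not code from the original post or from the chntpw project. It assumes a BackTrack-style live Linux with ntfs-3g and chntpw available (the /pentest/password/chntpw location is the one the post names); the device, mount point and account name are arguments. It goes slightly beyond the post in two places: it only falls back to -o force when a plain mount fails, and it resolves the SAM path case-insensitively so the same script works on XP (WINDOWS/system32) and Vista/7 (Windows/System32) installs.

```bash
#!/bin/sh
# Added example, not code from the original post. Wraps the procedure above:
# mount the Windows partition with ntfs-3g, locate the SAM hive, list users,
# and run chntpw against one account. Assumes a BackTrack-style live Linux
# with ntfs-3g and chntpw available. Device, mount point and user are arguments.

# ntfs-3g is case-sensitive, and the hive's directory name differs between
# Windows versions (XP: WINDOWS/system32, Vista and later: Windows/System32).
# Resolve the real on-disk path instead of hard-coding one spelling.
find_sam_path() {
    root=$1
    find "$root" -maxdepth 4 -type f -ipath "$root/windows/system32/config/sam" \
        2>/dev/null | head -n 1
}

# Check that a mount point appears read-write in a mounts table
# (/proc/mounts by default; a file path may be passed for testing).
# On a read-only mount chntpw's "write hive" step cannot succeed.
mounted_rw() {
    mp=$1
    table=${2:-/proc/mounts}
    awk -v mp="$mp" '$2 == mp && $4 ~ /(^|,)rw(,|$)/ { found = 1 } END { exit !found }' "$table"
}

# Mount the partition, trying a plain mount first. Only fall back to -o force
# (the post's recipe for a volume left dirty by an unclean shutdown) if that
# fails. Never force-mount a hibernated system: Windows resumes from
# hiberfil.sys and discards or corrupts whatever was written while it slept.
mount_windows() {
    dev=$1
    mnt=$2
    mkdir -p "$mnt"
    ntfs-3g "$dev" "$mnt" 2>/dev/null && return 0
    echo "clean mount of $dev failed; retrying with -o force" >&2
    ntfs-3g "$dev" "$mnt" -o force
}

reset_local_password() {
    dev=$1
    mnt=$2
    user=${3:-Administrator}

    mount_windows "$dev" "$mnt" || { echo "could not mount $dev" >&2; return 1; }
    mounted_rw "$mnt" || { echo "$mnt is not mounted read-write" >&2; return 1; }

    sam=$(find_sam_path "$mnt")
    [ -n "$sam" ] || { echo "no SAM hive found under $mnt" >&2; return 1; }

    # Fall back to the BackTrack location if chntpw is not on PATH.
    command -v chntpw >/dev/null 2>&1 || PATH=$PATH:/pentest/password/chntpw

    chntpw -l "$sam"            # list the accounts in the hive
    chntpw -u "$user" "$sam"    # interactive: choose "clear (blank) password", then write the hive
}

# Usage: ./reset_sam.sh /dev/sda2 /mnt/sda2 [Administrator]
if [ $# -ge 2 ]; then
    reset_local_password "$@"
fi
```

The mount-table check is there because a silent read-only fallback is the most common reason the "write hive" step appears to succeed and then the old password still works on reboot; checking /proc/mounts before running chntpw catches it up front.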

This isn't an exact step-by-step guide; it assumes you have Linux experience and some familiarity with password reset procedures. I just wanted to share this because I have seen admins feel like they are out of luck after NT Password does not work. Have no fear! You do have another option.
