Removing Windows OS Passwords with CHNTPW on Kali Linux



After some requests, I made this tutorial on how to remove Windows passwords.
So first of all, let's see which tool we are going to use.

[UPDATE] If you are having any kinda problem with this method on Windows 8/8.1, then try this method.
If you want to recover Windows 8/8.1 passwords instead of removing them, see this tutorial.
Tool Name: chntpw
Tool Description: Obviously it's going to be what the man page of the tool says: "chntpw is a utility to view some information and change user passwords in a Windows NT/2000 SAM userdatabase file, usually located at \WINDOWS\system32\config\SAM on the Windows file system. It is not necessary to know the old passwords to reset them. In addition it contains a simple registry editor (same size data writes) and hex-editor with which the information contained in a registry file can be browsed and modified."

Attack Requirements:
1. Physical access to the victim's computer.
2. A live bootable pendrive of Kali Linux.

    (Download Kali Linux)

So let's get started:
Step 1: Mounting the drive containing the Windows OS. This one is easy, ain't it? In case you have forgotten how to do it, here is the syntax:
ntfs-3g /dev/sda1 /media/win
Note that 'sda1' in the above command is the partition on which the Windows OS is installed; yours can be different. To check yours, simply type fdisk -l, which will list all your partitions, and then check for yourself which partition your Windows OS is installed on. If you can't get it this way, don't worry, you can try doing it the 'GUI' way: click on Applications > Accessories > Disk Utility, then select the victim's hard disk and see which partition the Windows OS is installed on. If Windows is installed on any other partition, replace 'sda1' in the above command with the one you found, e.g. 'sda2'. Also note that if there is no directory named 'win' (mentioned in the above command) in your /media folder, you must create one first. Just type mkdir /media/win; this command creates the win folder in the media folder, on which you'll mount the victim's Windows OS (the name does not have to be 'win', you can use any name).
Step 2: OK, after successfully mounting the victim's Windows OS, you need to move into it, and not just into it but deep inside. You need to move to the config folder, which is located in the System32 folder (note the capital 'S' on Windows 7 & 8). You can move there using this command:
cd /media/win/Windows/System32/config/ (On Windows 7 & 8)
or
cd /media/win/WINDOWS/system32/config/ (On Windows XP and those before it)
Step 3: Now comes the toughest part of the game (only if tough means easy :) ). Once you are inside the config directory, type the following command to see the list of users available on the victim's machine:
chntpw -l SAM (remember it is ell not 1)

Note the name of the user whose password you want to clear.
Step 4: Oh man, our happy journey is coming to an end now. Follow the upcoming steps to blast the victim's Windows OS password:
Type the command:
chntpw -u <username> SAM

Note: <username> here is the name of the user you noted in the above step.
It will display different options before you.
Type 1 and hit Enter.
Type y and hit Enter.


Voilà, you busted the victim's password. Now turn off Kali and open the victim's Windows OS without knowing his/her password. Bad Bad Bad...

For more info on chntpw, type this in your terminal:
man chntpw
This will display the manual page of chntpw.

Happy Cracking... :)
Don't forget to read the Disclaimer

Comments

  1. Great tutorial! chntpw is a nice freeware for Linux geeks. As a Windows user, I like to use PCUnlocker Live CD.

  2. I have been locked out of my Windows 7 x64 admin account after trying this. Any way to fix it? Is there a bug in chntpw? I would really appreciate help to fix this (I am also new to Linux).
    Thanks!

    Replies
    1. Well, I have tried it tens of times on Win 7, both x86 and x64 versions, and it had no problems ever. Maybe you are doing something wrong..? I think you should follow the above tutorial once again. Also, there ain't any bug in chntpw, but yes, somehow the interactive mode (-i) doesn't work on Kali Linux. You can also try the tool mentioned above by Michael Gade, i.e. PCUnlocker Live CD. It's a live CD; maybe it can save your day.

    2. Check your version of CHNTPW, 0.99.6 has issues with Windows 7 I found. Earlier variants work fine.

  3. After I type chntpw -1 SAM I get a problem. This program is somewhat hackish.

    Replies
    1. Never mind, used sam instead of SAM.

    2. Hey pal, you are typing it wrong. It's not -1 (one), it's -l (ell), l for list. It won't work with a -1 (one).

  4. Didn't work. Done all the steps above successfully.

  5. This method doesn't work anymore. Tried Windows 7 Ultimate 64 bit, no good and the install disk have a way of getting corrupted too - second one that went bad. I'm done with Windows.

    Replies
    1. If this method doesn't work for you, you can try this one; hopefully it will work:

      http://moinkhans.blogspot.com/2015/04/changing-windows-881-password-with.html

  6. Don't know why it isn't working for you, fella, but it is working quite fine for me every time. If you tell us where you're getting the fault then maybe we can help you..!

  7. Had done all the steps successfully... but when I open Windows 8, it needs a password to log in... there was no password resetting...

    Replies
    1. As mentioned above, try this method:
      http://moinkhans.blogspot.com/2015/04/changing-windows-881-password-with.html

  8. Reset windows Password(all windows os)

    1. Need Linux Live CD
    2. Boot Linux Live CD
    3. Mount Windows disk
    4. Open terminal
    5. Type "cd /media" without ""
    6. Type "ls"
    7. Type "cd windows disk ID Or name"
    8. Type "ls"
    9. Type "cd windows/System32"
    10. Type "mv sethc.exe sethc.old"
    11. Type "cp cmd.exe sethc.exe"
    12. Type "sync"
    13. Restart the system
    14. See your Windows login window
    15. After, press Shift 5 times
    16. You see Command Prompt
    17. Type "netplwiz"
    18. You see a new window
    19. After, you choose the account and change the password

    Goodluck
    Bye....................
    Friends................

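A defender-side check for the sethc.exe swap described in comment 8, added here as an example (it is not code from the post or its commenters). It inspects an offline-mounted Windows volume, resolving Windows/System32 case-insensitively as the tutorial's XP vs. 7/8 paths require; the function names are hypothetical and the default mount point /media/win is the one used in the tutorial.

```python
import hashlib
from pathlib import Path


def find_ci(parent, name):
    """Return the child of `parent` matching `name` case-insensitively, or None."""
    if not parent.is_dir():
        return None
    for child in parent.iterdir():
        if child.name.lower() == name.lower():
            return child
    return None


def sha256(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_sethc(mount_root):
    """Return a list of findings for the mounted volume; empty means nothing flagged."""
    findings = []
    system32 = Path(mount_root)
    # Handles both Windows/System32 (7 and 8) and WINDOWS/system32 (XP).
    for part in ("Windows", "System32"):
        system32 = find_ci(system32, part)
        if system32 is None:
            return ["System32 directory not found under " + str(mount_root)]
    sethc = find_ci(system32, "sethc.exe")
    cmd = find_ci(system32, "cmd.exe")
    if sethc is None:
        findings.append("sethc.exe is missing")
    elif cmd is not None and sha256(sethc) == sha256(cmd):
        findings.append("sethc.exe is byte-identical to cmd.exe")
    # The renamed original left behind by the "mv sethc.exe sethc.old" step.
    if find_ci(system32, "sethc.old") is not None:
        findings.append("renamed original present: sethc.old")
    return findings


if __name__ == "__main__":
    import sys
    for line in check_sethc(sys.argv[1] if len(sys.argv) > 1 else "/media/win"):
        print("FINDING:", line)
```
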
  9. Hey bro,
    I used this operation to reset the Windows 10 password. After successfully performing all the steps in Linux, I powered off Linux and started Windows 10. Nothing happened; Windows asked for the password again. Please suggest what I should do.
