So you wanna be a hacker

Posted: 16th September 2012 by Jab in Stuff I see at work, Ubuntu

You lose your Windows password(s) and cannot log in to your machine. If you have a rescue disk, you should be okay. If not, you might have to turn to Linux for help.

The method that I describe in this tutorial can work on a Windows machine whether or not it dual boots with Linux. If the machine in question does not dual boot, you will need to download a live edition of a Linux distribution (I prefer Ubuntu for the task) and burn that ISO image to a disk (you could also use a Linux distribution on a USB drive). Either way, you will need to boot into Linux to recover your password.

Step 1: Boot into Linux

Put the burned disk in the drive (or boot from USB) and boot into the Live edition of Linux. You should use the standard Live session.

Step 2: Find the Windows partition

Open Nautilus (the GNOME file manager) and follow these steps:

  1. Hit the Ctrl-L key combination to open the Location bar (Figure A).
  2. Enter the string “computer:///” (no quotes).
  3. Locate the drive (or partition) that contains your Windows installation.
  4. Right-click the Windows drive icon and click Mount.
  5. Double-click the icon to open the Windows drive (or partition) and make note of where the drive is mounted (it will be listed in the location bar).

Figure A: The drive in question on my system is the far left icon.

Step 3: Get to the command line

It’s time to open a terminal window and begin (or continue) your journey into the Linux command line. You must install the small tool called chntpw. To install this application, issue the command: sudo apt-get install chntpw. With that application installed, you are ready to go. Follow these steps to get the password changed:

  1. Change into the directory containing Windows with the command cd /PATH/TO/WINDOWS (PATH/TO/WINDOWS is the complete directory path to your Windows drive).
  2. Change into the Windows/System32/config directory.
  3. Issue the command sudo chntpw SAM.

You should now see the chntpw screen (Figure B). Here you have five options:

  • Clear user password
  • Edit user password
  • Promote user (make user an administrator)
  • Unlock and enable user account
  • Quit

Figure B: You do not want to make changes here, because this could wipe all users’ passwords — make sure you are working with a specific user.

Enter “q” for quit. We’re going to make sure we are working with a specific user. To list out all users in the SAM file, issue the command sudo chntpw -l SAM. This will list out all of the users on the system. As you can see in Figure C, my name is listed as one of the users.

Figure C: This listing will also tell you how many failed login attempts have been made.

To work with a specific user, issue the command sudo chntpw -u "USER NAME" SAM (USER NAME is the actual username). If the username is only one word, you will not need the quotes. If the username is a full name, place it within quotes or the command will not work. Once you are back in the edit screen, do the following:

  1. Type “2” (no quotes) to go into edit mode.
  2. Type the new user password.
  3. Hit the Enter key.
  4. Type “y” (no quotes) followed by Enter to write the file.

Your Windows user password should be changed. Reboot into Windows to make sure the edit worked. If it did not work, go through the steps once again and, this time, blank the password instead of editing it. To blank the password, do the following:

  1. Enter the edit screen for the specific user.
  2. Type “1” (no quotes).
  3. Hit Enter.
  4. Type “y” (no quotes).
  5. Hit Enter.

At this point the user account should have no password. You can reset the password once you successfully log in to Windows.
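Before running chntpw in Step 3, it is worth confirming that the file you are about to edit really is the SAM hive and keeping a copy to roll back to. The script below is an added example, not part of the original tutorial; its function names and the backup file naming are assumptions of this example, and it relies only on the Windows/System32/config location given above and on the fact that registry hive files begin with the bytes regf.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks before editing the SAM hive with chntpw.
# Function names and the backup naming scheme are assumptions of this example.
# Usage: source this file, then run: prepare_sam /PATH/TO/WINDOWS

# Print the path of the SAM hive under a mounted Windows partition.
# NTFS names are case-insensitive, so the directory may appear as
# Windows/System32/config, WINDOWS/system32/config and so on; each
# path component is therefore matched without regard to case.
find_sam() {
    local dir=$1 part next
    for part in windows system32 config sam; do
        next=$(find "$dir" -mindepth 1 -maxdepth 1 -iname "$part" 2>/dev/null | head -n 1)
        [ -n "$next" ] || return 1
        dir=$next
    done
    [ -f "$dir" ] && printf '%s\n' "$dir"
}

# Succeed only if the file starts with the registry hive signature "regf".
is_hive() {
    [ "$(head -c 4 "$1" 2>/dev/null)" = "regf" ]
}

# Locate the hive, verify its signature, check that it is writable, and
# keep a timestamped copy beside it so a bad edit can be rolled back.
# Prints the backup path on success; distinct return codes per failure.
prepare_sam() {
    local sam backup
    sam=$(find_sam "$1") || { echo "no SAM hive found under $1" >&2; return 1; }
    is_hive "$sam" || { echo "$sam is not a registry hive" >&2; return 2; }
    [ -w "$sam" ] || { echo "$sam is not writable (read-only mount?)" >&2; return 3; }
    backup="$sam.bak-$(date +%Y%m%d-%H%M%S)"
    cp -p -- "$sam" "$backup" || return 4
    printf '%s\n' "$backup"
}
```

If the edited account does not work after rebooting, boot the live session again and copy the backup file back over SAM.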

Source: https://www.techrepublic.com/blog/tr-dojo/reset-windows-passwords-with-the-help-of-linux/