
ntreg

This is another tool provided by the package; it lets you modify the Windows registry:

TODO


$ sudo chntpw -e SAM

chntpw

NOTE: It is NOT clear that this works on Ubuntu. It does work from BackTrack, though...

$ sudo apt-get install chntpw

Mount the Windows partition with mount. Go to:

WINDOWS/system32/config

If you run the command without parameters (or with the -h parameter) it shows the help:

$ chntpw 
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
chntpw: change password of a user in a NT/2k/XP/2k3/Vista SAM file, or invoke registry  
editor.
chntpw [OPTIONS] <samfile> [systemfile] [securityfile] [otherreghive] [...]
 -h          This message
 -u <user>   Username to change, Administrator is default
 -l          list all users in SAM file
 -i          Interactive. List users (as -l) then ask for username to change
 -e          Registry editor. Now with full write support!
 -d          Enter buffer debugger instead (hex editor), 
 -t          Trace. Show hexdump of structs/segments. (deprecated debug function)
 -v          Be a little more verbose (for debuging)
 -L          Write names of changed files to /tmp/changed
 -N          No allocation mode. Only (old style) same length overwrites possible
See readme file on how to get to the registry files, and what they are.
Source/binary freely distributable under GPL v2 license. See README for details.
NOTE: This program is somewhat hackish! You are on your own!

You can use the command to show the list of users:

$ chntpw -l SAM
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x6000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
Used for data: 230/18432 blocks/bytes, unused: 6/1888 blocks/bytes. 


* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length        : 0
Password history count         : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrador                  | ADMIN  |          |
| 03e8 | Asistente de ayuda             |        | dis/lock |
| 03eb | instalador                     | ADMIN  | dis/lock |
| 01f5 | Invitado                       |        | *BLANK*  |
| 03ea | SUPPORT_388945a0               |        | dis/lock |

If you do not specify a user, it will try the Administrator user.

NOTE: Keep in mind that it only tries the English user name! If your system is in Catalan, you have to change the administrator's password by giving the administrator's user name explicitly.

A specific user can be given with:

$ sudo chntpw -u Administrador SAM

Finally, you can try interactive mode:

$ sudo chntpw -i SAM
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x6000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
Used for data: 230/18432 blocks/bytes, unused: 6/1888 blocks/bytes. 
  

* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length        : 0
Password history count         : 0 


<>========<> chntpw Main Interactive Menu <>========<>

Loaded hives: <SAM>

 1 - Edit user data and passwords
 2 - Syskey status & change
 3 - RecoveryConsole settings
     - - -
 9 - Registry editor, now with full write support!
 q - Quit (you will be asked if there is something to save)


What to do? [1] -> chntpw

Then just follow the menus... A step-by-step example of interactive mode can be found at [1]

NOTE: TODO: According to /usr/share/doc/chntpw/README.txt, this should be tried:

$ sudo chntpw SAM system SECURITY
 

Run:

$ sudo chntpw SAM
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x6000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
Used for data: 230/18432 blocks/bytes, unused: 6/1888 blocks/bytes.
 
 
* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length        : 0
Password history count         : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrador                  | ADMIN  |          |
| 03e8 | Asistente de ayuda             |        | dis/lock |
| 03eb | instalador                     | ADMIN  |          |
| 01f5 | Invitado                       |        | *BLANK*  |
| 03ea | SUPPORT_388945a0               |        | dis/lock |

---------------------> SYSKEY CHECK <-----------------------
SYSTEM   SecureBoot            : -1 -> Not Set (not installed, good!)
SAM      Account\F             : 1 -> key-in-registry
SECURITY PolSecretEncryptionKey: -1 -> Not Set (OK if this is NT4)  

***************** SYSKEY IS ENABLED! **************
This installation very likely has the syskey passwordhash-obfuscator installed
It's currently in mode = -1, Unknown-mode  

SYSTEM (and possibly SECURITY) hives not loaded, unable to disable syskey!
Please start the program with at least SAM & SYSTEM-hive filenames as arguments!  

Cannot find value <\SAM\Domains\Account\Users\Names\Administrator\@>

Hives that have changed:
#  Name
None!

Note that the SYSKEY obfuscator is enabled. Do as the message says:

Please start the program with at least SAM & SYSTEM-hive filenames as arguments!  

So run:

$ sudo chntpw SAM system
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x6000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
Used for data: 230/18432 blocks/bytes, unused: 6/1888 blocks/bytes.   

Hive <system> name (from header): <SYSTEM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c <lh>
Page at 0x3ba000 is not 'hbin', assuming file contains garbage at end
File size 3932160 [3c0000] bytes, containing 929 pages (+ 1 headerpage)
Used for data: 67166/3856424 blocks/bytes, unused: 1513/17336 blocks/bytes.  

* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length        : 0
Password history count         : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrador                  | ADMIN  |          |
| 03e8 | Asistente de ayuda             |        | dis/lock |
| 03eb | instalador                     | ADMIN  |          |
| 01f5 | Invitado                       |        | *BLANK*  |
| 03ea | SUPPORT_388945a0               |        | dis/lock | 

---------------------> SYSKEY CHECK <-----------------------
SYSTEM   SecureBoot            : 1 -> key-in-registry
SAM      Account\F             : 1 -> key-in-registry
SECURITY PolSecretEncryptionKey: -1 -> Not Set (OK if this is NT4) 

***************** SYSKEY IS ENABLED! **************
This installation very likely has the syskey passwordhash-obfuscator installed
It's currently in mode = 1, key-in-registry-mode
SYSKEY is on! However, DO NOT DISABLE IT UNLESS YOU HAVE TO!
This program can change passwords even if syskey is on, however
if you have lost the key-floppy or passphrase you can turn it off,
but please read the docs first!!!

** IF YOU DON'T KNOW WHAT SYSKEY IS YOU DO NOT NEED TO SWITCH IT OFF!**
NOTE: On WINDOWS 2000 it will not be possible
to turn it on again! (and other problems may also show..)

NOTE: Disabling syskey will invalidate ALL
passwords, requiring them to be reset. You should at least reset the
administrator password using this program, then the rest ought to be
done from NT.

Do you really wish to disable SYSKEY? (y/n) [n] y
Updating passwordhash-lengths..
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrador                  | ADMIN  |          |
| 03e8 | Asistente de ayuda             |        | dis/lock |
| 03eb | instalador                     | ADMIN  |          |
| 01f5 | Invitado                       |        | *BLANK*  |
| 03ea | SUPPORT_388945a0               |        | dis/lock |
* SYSKEY RESET!
Now please set new administrator password!
Cannot find value <\SAM\Domains\Account\Users\Names\Administrator\@>

Hives that have changed:
 #  Name
 0  <SAM>
 1  <system>
Write hive files? (y/n) [n] : y
 0  <SAM> - OK
 1  <system> - OK

Leave the password blank by entering an asterisk.

Reboot.

Step by step: resetting the Windows password from Grub

See Grub#Resetejar_la_paraula_de_pas_de_Windows_des_de_grub_amb_la_opci.C3.B3_init

Troubleshooting

Cannot find value <\SAM\Domains\Account\Users\Names\Administrator\@>

Your Windows system is probably in a language other than English. For example, in Catalan:

$ chntpw -l SAM
...
| 01f4 | Administrador                  | ADMIN  | *BLANK*  |

Note that the user name is in Catalan: Administrador

So you need to use:

$ chntpw -u Administrador -l SAM
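
An added example (not from the original page or the chntpw project): it reads the `chntpw -l` table, resolves the built-in administrator by RID instead of by its localized name, and reports weak settings for an audit. It assumes `*BLANK*` means an empty password and `dis/lock` a disabled or locked account; the function names and finding labels are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the `chntpw -l SAM` listing as shown on this page.
sample_listing() {
cat <<'EOF'
* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length        : 0
Password history count         : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrador                  | ADMIN  |          |
| 03e8 | Asistente de ayuda             |        | dis/lock |
| 03eb | instalador                     | ADMIN  | dis/lock |
| 01f5 | Invitado                       |        | *BLANK*  |
| 03ea | SUPPORT_388945a0               |        | dis/lock |
EOF
}

# Print the user name holding a RID (hex, as printed by chntpw).
# RID 01f4 (decimal 500) is the built-in administrator in every locale.
name_for_rid() {
    awk -F'|' -v rid="$1" '
        function trim(s) { gsub(/^ +| +$/, "", s); return s }
        # Appending "" forces a string comparison: a RID such as 03e8
        # would otherwise look like the number 3e8 to awk.
        NF >= 5 && (trim($2) "") == (rid "") { print trim($3); exit }'
}

# Report weak settings, one finding per line (labels are hypothetical).
audit_listing() {
    awk -F'|' '
        function trim(s) { gsub(/^ +| +$/, "", s); return s }
        /^Failed logins before lockout/ {
            split($0, a, ":"); if (trim(a[2]) + 0 == 0) print "POLICY no-lockout" }
        /^Minimum password length/ {
            split($0, a, ":"); if (trim(a[2]) + 0 == 0) print "POLICY min-length-0" }
        # Data rows only: the header row has "RID -" in the RID column.
        NF >= 5 && trim($2) ~ /^[0-9a-f]+$/ {
            rid = trim($2); name = trim($3); adm = trim($4); lock = trim($5)
            if (lock == "*BLANK*") print "BLANK-PASSWORD " rid " " name
            if (adm == "ADMIN" && lock != "dis/lock") print "ACTIVE-ADMIN " rid " " name
        }'
}

# Against a real hive the listing is read-only: chntpw -l SAM | audit_listing
sample_listing | audit_listing
echo "built-in administrator: $(sample_listing | name_for_rid 01f4)"
```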
