Tuesday, March 14, 2017

Removing Windows OS Passwords with CHNTPW on Kali Linux







After some requests, I made this tutorial on how to remove Windows passwords.
So first of all, let's see which tool we are going to use.

[UPDATE] If you are having any kind of problem with this method on Windows 8/8.1, then try this method:
Changing Windows 8/8.1 Password with CHNTPW
If you want to recover Windows 8/8.1 passwords instead of removing them, see this tutorial:
Cracking Windows 8/8.1 passwords with Mimikatz
Tool Name: chntpw
Tool Description: Obviously it's going to be what the man page of the tool says: "chntpw is a utility to view some information and change user passwords in a Windows NT/2000 SAM userdatabase file, usually located at \WINDOWS\system32\config\SAM on the Windows file system. It is not necessary to know the old passwords to reset them. In addition it contains a simple registry editor (same size data writes) and hex-editor with which the information contained in a registry file can be browsed and modified."

Attack Requirements:
1. Physical access to the victim's computer.
2. A live bootable pendrive of Kali Linux (Download Kali Linux).

So let's get started:
Step 1: Mounting the drive containing the Windows OS. This one is easy, ain't it? Well, in case you have forgotten how to do it, I'll type the syntax:
ntfs-3g /dev/sda1 /media/win
Note that sda1 in the above command is the partition on which the Windows OS is installed; yours can be different. To check yours, simply type fdisk -l, which will list all your partitions, and then check for yourself which partition holds the Windows OS. If you can't get it this way, don't worry, I'm still here: you can try the GUI way. Click on Applications > Accessories > Disk Utility, then select the victim's hard disk and see on which partition the Windows OS is installed. If Windows is installed on another partition, replace sda1 in the above command with the one you found, e.g. sda2.

Also note that if there is no directory named win (mentioned in the above command) in your /media folder, you must create it, which is simple: just type mkdir /media/win. This command will make the win folder in the media folder, on which you'll mount the victim's Windows OS (its name does not have to be win; you can use any name).
Step 2: OK, after successfully mounting the victim's Windows OS, you need to move there. But wait, not only there: much deeper in. You need to move to the config folder, which is located in the System32 folder (note that it is a capital S on Windows 7 & 8). You can move there using this command:
cd /media/win/Windows/System32/config/ (On Windows 7 & 8)
or
cd /media/win/WINDOWS/system32/config/ (On Windows XP and those before it)
Step 3: Now comes the toughest part of the game (only if tough means easy :) ). Once you are inside the config directory, type the following command to see the list of users available on the victim's machine:
chntpw -l SAM (remember it is ell not 1)

Note the name of the user whose password you want to clear.
Step 4: Oh man, our happy journey is coming to an end now. Follow the upcoming steps to blast the victim's Windows OS password:
Type the command:
chntpw -u <username> SAM

Note: <username> here is the name of the user you noted in the above step.
It will display different options before you.
Type 1 and hit Enter.
Type y and hit Enter.


Voila, you busted the victim's password. Now turn off Kali and open the victim's Windows OS without knowing his/her password. Bad Bad Bad...

For more info on chntpw, type this in your terminal:
man chntpw
This will display the manual page of chntpw...

Happy Cracking... :)
Don't forget to read the Disclaimer
