Sunday, 6 May 2012

chntpw on backtrack 5

chntpw(Clear password)

chntpw on backtrack 5 
Learn how to use chntpw on backtrack 5 

  • chntpw program is written by Petter N Hagen .
  • chntpw is used to bypass the windows NT/2k/XP/2k3/Vista/Win7 SAM file .
  • chntpw can handle both 32 and 64 bit windows.
  • With chntpw you can clear the user password.
  • chntpw is used to edit the user password.
  • chntpw is also used to enable the user account .


Here , I had divided this article into two section-

  1. - Mount the disk partition
  2. - Using the chntpw program 

How to Mount the Disk Partition 

Step 1 : Use fdisk -l command to view the Disk Partition.( As shown in the image below )


STEP 2 : Create a mount point using the command - mkdir /mnt/window7



Command : mount /dev/sdb3 /mnt/window7

STEP 4 : Now navigate to windows 7 directory .

  • Command : cd /mnt/window7
  • Also we use ' ls ; command to check next directory(Windows) is present here or not .


STEP 5 : Navigate to Windows Directory 

  • Command : cd Windows           // shown in the image . Click the image to view large .

STEP 6: Use 'ls ' commmand used to check System32 directory is present or not .

  • Command : ls                               // shown in the image

STEP 7 :Navigate to System32 directory 

chntpw System32

STEP 8: Navigate to config directory Directory                   // click the below image to view large

STEP 9 : Use 'ls' command TO CHECK the SAM is present or not .

  • The reason behind  all the above steps is to give you the correct path of SAM file .
  • So the final  path  in -

  • Window7 --> /mnt/window7/Windows/System32/config/SAM

  • When I mount the Windows XP then there is a small difference , check it out whats that -
  • WindowsXP --> /mnt/windowsXP/WINDOWS/system32/config/SAM

  • Here in windowsXP - 'WINDOWS' Written in capital letters and 'system32' written in small letters  while 
  • In Window7 - Only 'W' is capital in Windows directory and 'S' is capital in System32 directory . 


How to use chntpw

Step 1 :How to open chntpw 

Backtrack > Priviledge Escalation > Password Attacks > Offline Attacks > chntpw

Step 2: Below image shows the chntpw 

Step 3 : Command to start the program

Command : ./chntpw -i /mnt/window7/Windows/System32/config/SAM

(All details shown in the image)

Follow all the steps shown in the image below -

Step 4: chntpw Edit User Info & Passwords 

In this step , you have to enter the usename to change the passwords. As shown below -

Step 5 :User Edit Menu 

In this step you have to enter '1' to clear the user password as shown in the image .



In this step , you have to quit the program by pressing !(Exclamation Sign ) and then press 'q' to quit .

And at the last it ask you to save the file in the Harddisk . Remember you have to press y(yes) as shown in the image . to save the new SAM file in your Harddisk .

Here is the result  it shows the password is blank , Shown in the image below -

After clear the password Restart your  PC . 


There are two sections -

Section  1 -

  1. fdisk -l
  2. mkdir /mnt/window7
  3. mount /dev/sdb3 /mnt/window7
  4. cd /mnt/window7
  5. cd Windows
  6. ls
  7. cd System32
  8. ls
  9. cd config
Final Path - /mnt/window7/Windows/System32/config/SAM

Section 2 -
  1. Backtrack > Priviledge Escalation > Password Attack > Offline Attack > chntpw
  2. ./chntpw -i /mnt/window7/Windows/System32/config/SAM
  3. 1                        // Enter the numeric 1 
  4. hackingDNA        //Enter the username .
  5. 1                         //Enter the numeric 1 
  6. !                         // Exclamation Sign 
  7. q                        // To quit 
  8. y                         // y (yes) 
  9. Restart 

This is how we can use " chntpw " in Backtrack 5 

Join Us



Anonymous said...

Thanks great input

Anonymous said...

I did this and it worked until I logged back into windows... From there the account had disappeared yet in Account Control it is still visible and it still has its archives and data.

note: on the start up windows ran the chkdisk to check the consistancy of the OS.

Any ideas?

Anonymous said...

When I tried to quit it didnt give me the write to SAM file. Please advise.


Angry IPScanner On Backtrack 4 Arduino Arduino Opensource community attacks on router auditing tool Aurora Exploiting Through Kali Linux AUTOSCAN ON BACKTRACK 5 BackBox Linux On hackingDNA Backtrack 5 : Linux Commands Backtrack Bootable Pendrive Backtrack Tool : The Harvester Blender On Backtrack 5 Block Command Prompt Browser Autopwn On Backtrack 5 BUGTRAQ LOG REMOVER BLEACHBIT chkrootkit on Backtrack 5 chntpw on backtrack 5 cisco switches routing auditing tool. Client Side Attack On Backtrack 5 Command Shell Upgrade On Backtrack 5 Conky On Backtrack 5 convert guest account into admin using chntpw in backtrack 5 Convert Jpg Image into Ascii on Backtrack 5 countermeasures Cracking Unix Password On Backtrack 5 Cupp On Backtrack 5 Cutycapt On Kali Linux Detect Sniffer6 On Kali Linux dmitry on backtrack 5 Dnmap On Kali Linux dnsenum on backtrack 5 dnsrecon on backtrack 5 dnstracer on backtrack 5 dnswalk on backtrack 5 DOMAIN TOOL ON BUGTRAQ Dos attack driftnet on backtrack 5 dsniff on backtrack 5 enum4linux esp8266 EtherApe On BackTrack 5 ewizard on backtrack 5 ExifTool On BackTrack 5 Exploit Distccd On BackTrack 5 Exploit RDP Vulnerability On Kali Linux Exploit Samba Server On Backtrack 5 fatback on backtrack 5 FERN CRACKER ON BACKTRACK 5 Fierce in Backtrack 5 findmyhash : Crack the hash on Backtrack 5 Firewalk-Script On BackTrack 5 Firewall On Backtrack 5 Flash Player On Backtrack 5 Genlist On Backtrack 5 Gerix Cracker On Backtrack 5 Get Your Data Back Golismero On BackTrack 5 GOOFILE ON BUGTRAQ Google Kung-Fu goohost on backtrack 5 Grendel-Scan On Backtrack 5 gtk-recordmydesktop on backtrack 5 HACK BACKTRACK 5 via RAT Hack The Database with Backtrack 5 Hack the Facebook with Backtrack 5 Hack the windows in GNS3 Hack Windows XP using Backtrack 5 Hack Windows Xp using msfconsole hacking Hacking Lab 01 Hacking Windows 7 USING Backtrack 5 hackingdna hackingDNA choice :Best Antivirus Detection honeyd on backtrack 5 honeypot on backtrack 5 HOW TO INSTALL REDHAT ENTERPRISE LINUX 5 How to block ICMP request How To Install CAINE How to Install Chromium Browser on Backtrack 5 How to Install Windows 7 Ultimate How To Install Xampp On Kali Linux How to make new User in Backtrack 5 How to see files and directories on Linux how to use arduino in kali linux How to use Host Command on Backtrack 5 How to use Nano Editor on Backtrack 5 How to use Ping Command on Backtrack How to use whois tool on Backtrack 5 hping2 on backtrack 5r2 Httprint On BackTrack 5 icmpv6 flooding attack ifconfig command Installing And Accessing Backdoor On Backtrack 5 Installing software on Backtrack 5 using apt-get ipcalc on backtrack 5 Itrace On BackTrack 5 Jigsaw On Backtrack 5 Joomscan On Backtrack 5 KALI ARMITAGE ON KALI LINUX kali linux kali linux arduino Kali Linux Installation Kali Rolling Release 2016.2 keimpx on backtrack 5 Lanmap On Backtrack 4 Learn arping on Backtrack 5 Learn Basic of Internet with DAWN OF THE NET Learn Basics if Screen Utility Learn cmospwd on Backtrack 5 Learn dnsdict6 on backtrack 5 Learn fping on Backtrack 5 Learn Help Utilities Command On Backtrack 5 Learn hexedit on Backtrack 5 Learn how to hack root account on REDHAT5 Learn How to Install Backtrack 5 Learn how to make Bootable Pendrive Learn how to split Terminal into different regions Learn How To Split Terminal on backtrack 5 Learn how to use Armitage in Backtrack 5 Learn how to use chntpw on backtrack 5 LEARN HOW TO USE CISCO PACK ON BUGTRAQ - II Learn How to use ettercap on Backtrack 5 for hacking username and passwords Learn how to use Netstat Commands On Backtrack 5 Learn how to use nipper Learn How to work with Vim editor on Backtrack 5 Learn Linux Commands on Backtrack Environment Learn Netdiscover On Backtrack 5 Learn Pentbox On Backtrack 5 Learn Recoverjpeg on Backtrack 5 Learn samdump on backtrack 5 Learn TrueCrypt On Backtrack 5 LINUX NETWORKING COMMANDS ON BACKTRACK 5 linux OS LINUX PARTITION ON BACKTRACK 5 List-Urls On Backtrack 4 Load Balancing Detector On Backtrack 5 LOG REMOVER BLEACHBIT Lynis On Backtrack 5 Mac Tracker On Backtrack 5 macchanger on backtrack 5 Matriux Installation On hackingDNA Metaexploit Framework : Collecting Email Addresses Metasploit Framework With Basic Commands Meterpreter on Backtrack 5 mitre-cve on backtrack 5 MSF AUXILIARY SCANNING ON BACKTRACK 5 msf scanning on backtrack 5 nbtscan on backtrack 5 NESSUS ON BACKTRACK 5 Net Card Config Netcat : Learn how to create a instant chat session on Backtrack 5 netenum on backtrack 5 Netifera On Backtrack 5 NETMASK On Backtrack 5 NIKTO ON KALI LINUX Nmap Scanning On Backtrack 5 nmap smb script offensive security Oneko And Cowsay On BackTrack 5 OpenOffice On Backtrack 5 OpenVAS On Backtrack 5 Orion Browser History Dumper v1.0 Penetration Testing Pipal On Backtrack 5 PostgreSQL On Kali Linux Practice Session On Backtrack 5 PROTOS on backtrack 5 Reconnaissance Recover Kali Password Remote Desktop Connection Remote Desktop On Backtrack 5 Remote Desktop Sharing Removing Backdoor on Backtrack 5 Restrict Control Panel Restrict Registry Editor by Group Policies Rkhunter On Backtrack 5 router auditing tool Router Penetration Testing router security Safecopy On Backtrack 5 samba testing samrdump on backtrack 5 Scanning security auditing tool Shell Scripting On Kali Linux Shrink and Create Partition on Windows 7 Shutter On Backtrack 5 siege on backtrack 5 smb enumeration smb hacking Smbclient On Backtrack 5 Smtpscan On Backtrack 5 SMURF6 ON KALI LINUX Sniff Images on Backtrack 5 using Driftnet Snort On Backtrack 5 snurf6 Software Updates On Kali linux Spoof Your MAC Address on Backtrack 5 sql attack SSID ssldump on backtrack 5 sslstrip on backtrack 5 Start Backtrack 5 Without Startx Steam Locomotive On BackTrack5 Stop Bruteforce attack System Monitor On Backtrack 5 tcptraceroute on backtrack 5 Tctrace On Backtrack 5 TeamViewer On BackTrack 5 TELNET On Backtrack 5 Terminator On Backtrack 5 the Harvester On Backtrack 5 Things you should know about Backtrack Tweak Your System Settings On Backtrack 5 Tweak Your System Settings On Backtrack 5 Part 2 Unicornscan On BackTrack 5 Uniscan On Backtrack 5 urlcrazy on backtrack 5 urlsnarf on backtrack 5 WBOX on Backtrack 4 and 5 Weak points Web Httrack::Web Copier Websecurify On BackTrack5 Webshag On Backtrack 5 WEP CRACKING ON BACKTRACK 5 whatweb on backtrack 5 WHATWEB ON BUGTRAQ Wiffit (wafw00f): Firewall Detection Tool On Backtrack 5 wireshark Xpdf On Backtrack 5 xprobe2 on backtrack 5 Zenmap

Popular Posts