Episode: 170
Title: HPR0170: Resetting Windows Passwords
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0170/hpr0170.mp3
Transcribed: 2025-10-07 12:51:52
---
So
Hello and welcome, HPR listeners, to Phoenix's Student Hacker's Guide to Linux. Today I'm going
to be talking about a program called CHNTPW or Change NT Passwords. Basically the idea
about this program is say that you have a Windows system and you don't have the administrator
password or forgotten the password for any of the user accounts. You can use this program
to reset them. It kind of goes by the adage of, you know, if you can get local access
to a machine then you pretty much can own that machine. Now as usual this is for educational
purposes. I don't want you to go and use this against someone's machine that you don't
have permission to do it for. I'll have some show notes available on both the Linux
Society website which is www.thelinuxsociety.org.uk and I've also made my notes available
over at the Linux basement as well which is www.linuxbasement.com. Now for this I've just
used a standard Ubuntu installation and you can find CHNTPW in most, I mean I was able
to find it in the Ubuntu repository. I imagine it will be in the Debian repository. You can
also probably find it in most other distributions' repositories as well. There is also distributions
that you can get these live security CDs and I imagine quite a few of them have this
package installed on it as well. The idea is that you know you can boot up the machine
in a live only mode using a live CD and reset the passwords that way. However what I've
done here is I've just taken the hard drive out of a Windows machine, put it in the USB
caddy and mounted it as, you know, mounted it as you would an external hard drive and then
used the package to reset the passwords. CHNTPW is a program that's primarily for
overriding passwords. You don't use it to recover passwords from that. So if you're looking
to actually recover the password then this isn't really how to guide for you. So as I said
earlier on what you need to do is get the drive mounted and then what you'll find is you're
looking for a file that's called SAM SAM. That's normally located in the System32 folder.
So you can go to, it should be in Windows System32 config or WinNT System32 config, whichever
way you've got your system set up. And you're looking for a file which I said earlier
on SAM SAM. Once you've found that file you can use CHNTPW to reset the password. Now
once you're in that file if you do CHNTPW space-H this will give you a list of all the
help options that you've got there. There is quite a few. So if one of the options you
could do here is you could say CHNTPW space-L space SAM and that's the SAM file and that
will list all the users that are in that SAM file. And if you wanted to reset a particular
user out of that file's password you would use CHNTPW space-U space, the username, space SAM.
What will happen is that will ask you what you want to reset the password to. You can choose
to have blank passwords set. And normally what you can use is CHNTPW space SAM and that
will by default reset the administrator's password. Now I have heard of this being used to be
able to reset these passwords but it's not something that I've done before. So if that's
what you're looking to do then you'll have to do a little bit of research on that as well.
Okay. Some potential countermeasures to this if you are worried about someone taking your
hard drive and resetting the password and getting an access to your Windows system. It is
advisable that you password protect your hard drive. Most BIOSes in most systems will let
you do that. And then that way if someone does gain access to your system or takes a copy
of your system that they'll need the password to the hard drive before they're able to
do anything like reset the password. Okay. So we're just sure that a quick recap of how
to get this package working. And I'm just going to do this as though you're running a
Ubuntu but I used the aptitude package manager to be able to get a hold of CHNTPW which
I just used sudo aptitude install CHNTPW. Once the package was installed I mounted the external
hard drive with a Windows system in it. I then navigated into that folder and navigated
onto that drive and then navigated towards where the SAM folder in my case that was in Windows
System32 config and then there was a file called SAM. I changed direction. I navigated
into that. Okay. From there I used CHNTPW space SAM and what that did was reset the administrator's
password. As usual you can find a copy of the show notes in the Linux Society website
and I'm just going to give you the URL for it now. So that's HTTP, semicolon, forward slash
forward slash www.thelinuxsociety.org.uk, forward slash content, forward slash changing dash NT dash
password dash with dash Linux dash and dash CHNTPW. Thank you for listening and this has been
Phoenix and I'll speak to you all soon.
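
A check for the hard drive password countermeasure mentioned in the episode, as an added example that is not part of the transcript or the presenter's show notes. It assumes the BIOS drive password is the ATA Security feature set and reads its state from the Security section of `hdparm -I` output (hdparm is not named in the episode); the two sample outputs are constructed.

```shell
#!/bin/sh
# Report whether an ATA drive password is set, from `hdparm -I` output on stdin.
# Prints: unsupported | disabled | enabled, with ",locked" / ",frozen" appended.
# "disabled" means the disk is readable and writable when moved to another machine.
ata_security_state() {
    awk '
        /^Security:/ { in_sec = 1; seen = 1; next }
        in_sec && /^[^ \t]/ { in_sec = 0 }      # next unindented heading ends the section
        in_sec {
            line = $0
            gsub(/^[ \t]+|[ \t]+$/, "", line)   # trim
            gsub(/[ \t]+/, " ", line)           # "not<TAB>enabled" -> "not enabled"
            if (line == "supported")    supported = 1
            else if (line == "enabled") enabled = 1
            else if (line == "locked")  locked = 1
            else if (line == "frozen")  frozen = 1
        }
        END {
            if (!seen || !supported) { print "unsupported"; exit }
            state = enabled ? "enabled" : "disabled"
            if (locked) state = state ",locked"
            if (frozen) state = state ",frozen"
            print state
        }
    '
}

# Constructed sample: no drive password set, BIOS froze the security state at boot.
sample_no_password() {
    printf 'Security: \n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n\t\tfrozen\n'
    printf '\tnot\texpired: security count\n\t\tsupported: enhanced erase\n'
    printf 'Checksum: correct\n'
}

# Constructed sample: password set, drive attached to another machine and still locked.
sample_password_set() {
    printf 'Security: \n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\t\tenabled\n\t\tlocked\n\tnot\tfrozen\n'
    printf '\tnot\texpired: security count\n\t\tsupported: enhanced erase\n'
    printf 'Checksum: correct\n'
}

# On a real system: sudo hdparm -I /dev/sdX | ata_security_state
sample_no_password  | ata_security_state
sample_password_set | ata_security_state
```
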