Episode: 170
Title: HPR0170: Resetting Windows Passwords
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0170/hpr0170.mp3
Transcribed: 2025-10-07 12:51:52

---

So hello and welcome, HPR listeners, to Phoenix's Student Hacker's Guide to Linux. Today I'm going to be talking about a program called CHNTPW, or Change NT Passwords. Basically the idea about this program is, say that you have a Windows system and you don't have the administrator password, or have forgotten the password for any of the user accounts. You can use this program to reset them. It kind of goes by the adage of, you know, if you can get local access to a machine then you pretty much can own that machine. Now as usual this is for educational purposes. I don't want you to go and use this against someone's machine that you don't have permission to do it for.

I'll have some show notes available on both the Linux Society website, which is www.thelinuxsociety.org.uk, and I've also made my notes available over at the Linux Basement as well, which is www.linuxbasement.com.

Now for this I've just used a standard Ubuntu installation and you can find CHNTPW in most, I mean I was able to find it in the Ubuntu repository. I imagine it will be in the Debian repository. You can also probably find it in most other distributions' repositories as well. There is also distributions that you can get, these live security CDs, and I imagine quite a few of them have this package installed on it as well. The idea is that, you know, you can boot up the machine in a live-only mode using a live CD and reset the passwords that way. However, what I've done here is I've just taken the hard drive out of a Windows machine, put it in a USB caddy and mounted it as, you know, mounted it as you would an external hard drive, and then used the package to reset the passwords.

CHNTPW is a program that's primarily for overriding passwords. You don't use it to recover passwords from that.
So if you're looking to actually recover the password then this isn't really the how-to guide for you.

So as I said earlier on, what you need to do is get the drive mounted, and then what you'll find is you're looking for a file that's called SAM SAM. That's normally located in the System32 folder. So you can go to, it should be in Windows System32 config or WinNT System32 config, whichever way you've got your system set up. And you're looking for a file which, I said earlier on, SAM SAM. Once you've found that file you can use CHNTPW to reset the password.

Now once you're in that file, if you do CHNTPW space-H this will give you a list of all the help options that you've got there. There is quite a few. So one of the options you could do here is you could say CHNTPW space-L space SAM, and that's the SAM file, and that will list all the users that are in that SAM file. And if you wanted to reset a particular user out of that file's password you would use CHNTPW space-U space, the username space-SAM. What will happen is that will ask you what you want to reset the password to. You can choose to have blank passwords set. And normally what you can use is CHNTPW space-SAM and that will by default reset the administrator's password.

Now I have heard of this being used to be able to reset these passwords but it's not something that I've done before. So if that's what you're looking to do then you'll have to do a little bit of research on that as well.

Okay. Some potential countermeasures to this, if you are worried about someone taking your hard drive and resetting the password and getting access to your Windows system. It is advisable that you password protect your hard drive. Most BIOSes in most systems will let you do that. And then that way if someone does gain access to your system or takes a copy of your system, they'll need the password to the hard drive before they're able to do anything like reset the password. Okay.
So we'll just do a quick recap of how to get this package working. And I'm just going to do this as though you're running a Ubuntu, but I used the aptitude package manager to be able to get a hold of CHNTPW, which I just used sudo aptitude install CHNTPW. Once the package was installed I mounted the external hard drive with a Windows system in it. I then navigated into that folder and navigated onto that drive and then navigated towards where the SAM folder, in my case that was in Windows System32 config, and then there was a file called SAM. I changed directory. I navigated into that. Okay. From there I used CHNTPW space SAM and what that did was reset the administrator's password.

As usual you can find a copy of the show notes in the Linux Society website and I'm just going to give you the URL for it now. So that's HTTP, semicolon, forward slash forward slash www.thelinuxsociety.org.uk, forward slash content, forward slash changing dash NT dash password dash with dash Linux dash and dash CHNTPW.

Thank you for listening and this has been Phoenix and I'll speak to you all soon.