Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   9211 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

CHNTPW(8)							     CHNTPW(8)

NAME
       chntpw - utility to overwrite passwords of Windows systems

SYNOPSIS
       chntpw  [options]  <samfile> [systemfile] [securityfile] [otherreghive]
       [...]

DESCRIPTION
       This manual page documents briefly the  chntpw  command.	  This	manual
       page  was written for the Debian distribution because the original pro‐
       gram does not have a manual page.

       chntpw is a utility to view some information and reset  user  passwords
       in  a  Windows  NT/2000 SAM userdatabase file used by Microsoft Windows
       Operating System (in NT3.x and later versions). This  file  is  usually
       located	at \WINDOWS\system32\config\SAM on the Windows file system. It
       is not necessary to know the previous  passwords	 to  reset  them.   In
       addition	 it  contains  a  simple registry editor and  ahex-editor with
       which the information contained in a registry file can be  browsed  and
       modified.

       This program should be able to handle both 32 and 64 bit Microsoft Win‐
       dows and all versions from NT3.x up to Win8.1.

OPTIONS
       -h     Show a summary of options.

       -u username
	      Username or username ID (RID) to change. The default is  'Admin‐
	      istrator'.

       -l     List all users in the SAM database and exit.

       -i     Interactive  Menu	 system: list all users (as per -l option) and
	      then ask for the user to change.

       -e     Registry editor with limited capabilities (but it	 does  include
	      write support). For a slightly more powerful editor see reged

       -d     Use buffer debugger instead (hex editor)

	      -L  Log  all changed filenames to /tmp/changed. When this option
	      is set the program automatically saves the changes in  the  hive
	      files without prompting the user.

	      Be  careful  when using the -L option as a root user in a multi‐
	      user system.  The filename is fixed and  this  can  be  used  by
	      malicious users (dropping a symlink with the same name) to over‐
	      write system files.

       -N     Do not allocate more information,	 only  allow  the  editing  of
	      existing values with same size.

       -E     Do not expand the hive file (safe mode).

       -v     Print verbose information and debug messages.

EXAMPLES
       ntfs-3g /dev/sda1 /media/win ; cd /media/win/WINDOWS/system32/config/
	      Mount  the  Windows  file	 system and enters the directory \WIN‐
	      DOWS\system32\config where Windows stores the SAM database.

       chntpw SAM system
	      Opens registry hives SAM and  system  and	 change	 administrator
	      account.	This will work even if the name has been changed or it
	      has been localized (since different language versions of NT  use
	      different administrator names).

       chntpw -l SAM
	      Lists the users defined in the SAM registry file.

       chntpw -u jabbathehutt SAM
	      Prompts  for password for jabbathehutt and changes it in the SAM
	      registry file, if found (otherwise do nothing).

KNOWN BUGS
       This program uses undocumented structures in the SAM database. Use with
       caution	(i.e.  make  sure  you	make  a	 backup of the file before any
       changes are done).

       Password changing is only possible if the program has been specifically
       compiled with some cryptographic functions. This feature, however, only
       works properly in Windows NT and Windows 2000  systems.	It  might  not
       work properly in Windows XP, Vista, Win7, Win8 and later systems.

       In the Debian distribution this feature is not enabled.

SEE ALSO
       reged, samusrgrp, sampasswd

       If  you	are  looking for an automated procedure for password recovery,
       you might want to check the bootdisks  (can  be	used  in  CD  and  USB
       drives)	  provided    by   the	 upstream   author   at	  http://pogo‐
       stick.net/~pnh/ntpasswd/

       You will find more information available on  how	 this  program	works,
       including in-depth details on how the registry works, in the text files
       /usr/share/doc/chntpw/README.txt and /usr/share/doc/chntpw/MANUAL.txt

AUTHOR
       This program was written by Petter N Hagen.

       This   manual   page   was   written   by   Javier   Fernandez-Sanguino
       <jfs@debian.org>,  for  the Debian GNU/Linux system (but may be used by
       others).

				13th March 2010			     CHNTPW(8)

Vote for polarhome