rpms / chntpw

Clone
Source Code
GIT

Files

el5 el6 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f9 main rawhide
  1.   f29
  2.   chntpw.8
Blob Blame History Raw 
.\"                                      Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH CHNTPW 8  "13th March 2010"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh        disable hyphenation
.\" .hy        enable hyphenation
.\" .ad l      left justify
.\" .ad b      justify to both left and right margins
.\" .nf        disable filling
.\" .fi        enable filling
.\" .br        insert line break
.\" .sp <n>    insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
chntpw \- utility to overwrite passwords of Windows systems
.SH SYNOPSIS
.B chntpw
.RI [ options ]
.RI < samfile > 
.RI [ systemfile ]
.RI [ securityfile ]
.RI [ otherreghive ] 
.RI [...]
.br
.SH DESCRIPTION
This manual page documents briefly the
.B chntpw
command.
This manual page was written for the Debian distribution
because the original program does not have a manual page.
.PP
.B chntpw
is a utility to view some information and reset user passwords 
in a Windows NT/2000 SAM userdatabase file used by Microsoft Windows
Operating System (in NT3.x and later versions). This file is usually located at
\\WINDOWS\\system32\\config\\SAM on the Windows file system. It is not necessary to
know the previous passwords to reset them.  In addition it contains a simple
registry editor and  ahex-editor with which the information contained in a
registry file can be browsed and modified.

This program should be able to handle both 32 and 64 bit Microsoft Windows and
all versions from NT3.x up to Win8.1.


.SH OPTIONS
.TP
.B \-h
Show a summary of options.
.TP
.B \-u username
Username or username ID (RID) to change. The default is 'Administrator'.
.TP
.B \-l
List all users in the SAM database and exit.
.TP
.B \-i
Interactive Menu system: list all users (as per \-l option) and then ask for the 
user to change.
.TP
.B \-e
Registry editor with limited capabilities (but it does include write support). For a 
slightly more powerful editor see 
.B reged

.TP
.B \-d
Use buffer debugger instead (hex editor)

.B \-L
Log all changed filenames to /tmp/changed. When this option is set the
program automatically saves the changes in the hive files without prompting the
user.

Be careful when using the \fB-L\fR option as a root user in a multiuser system.
The filename is fixed and this can be used by malicious users (dropping a
symlink with the same name) to overwrite system files.

.TP
.B \-N
Do not allocate more information, only allow the editing of existing values
with same size.
.TP
.B \-E
Do not expand the hive file (safe mode).
.TP
.B \-v
Print verbose information and debug messages.





.SH EXAMPLES
.TP
.B ntfs-3g /dev/sda1 /media/win ; cd /media/win/WINDOWS/system32/config/
Mount the Windows file system and enters the directory
.B \\\\WINDOWS\\\\system32\\\\config
where Windows stores the SAM database.
.TP
.B chntpw SAM system
Opens registry hives 
.B SAM
and 
.B system
and change administrator account. This will work even if the name
has been changed or it has been localized (since different language
versions of NT use different administrator names).
.TP
.B chntpw -l SAM
Lists the users defined in the 
.B SAM
registry file.
.TP
.B chntpw -u jabbathehutt SAM
Prompts for password for 
.B jabbathehutt
and changes it in the 
.B SAM
registry file, if found (otherwise do nothing).

.SH KNOWN BUGS

This program uses undocumented structures in the SAM database. Use with
caution (i.e. make sure you make a backup of the file before any changes
are done).

Password changing is only possible if the program has been specifically
compiled with some cryptographic functions. This feature, however, only
works properly in Windows NT and Windows 2000 systems. It might not
work properly in Windows XP, Vista, Win7, Win8 and later systems.

In the Debian distribution this feature is not enabled.

.SH SEE ALSO
.B reged, samusrgrp, sampasswd

If you are looking for an automated procedure for password 
recovery, you might want to check the bootdisks (can be used in CD
and USB drives) provided by the upstream author at
.BR http://pogostick.net/~pnh/ntpasswd/

.br
You will find more information available on how this program works, including
in-depth details on how the registry works, in the text files
.IR /usr/share/doc/chntpw/README.txt
and
.IR /usr/share/doc/chntpw/MANUAL.txt

.SH AUTHOR
This program was written by Petter N Hagen.

This manual page was written by Javier Fernandez-Sanguino <jfs@debian.org>,
for the Debian GNU/Linux system (but may be used by others).
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.