From 247e1f803826be57febeb3d30518a7f9aeac475c Mon Sep 17 00:00:00 2001 From: Conrad Meyer Date: Jul 03 2018 03:53:52 +0000 Subject: Update to latest upstream, 1.00 / 140201 Rebase patches as needed Import additional and enhanced manual pages from Debian Adds two new binaries: sampasswd and samusrgrp Clean up rpmlint warnings (tabs, spelling, log date) --- diff --git a/.gitignore b/.gitignore index d7701df..20d7fc8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ chntpw-source-080526.zip /chntpw-source-110511.zip +/chntpw-source-140201.zip diff --git a/chntpw-110511-get_abs_path.patch b/chntpw-110511-get_abs_path.patch deleted file mode 100644 index dabcb3e..0000000 --- a/chntpw-110511-get_abs_path.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -ur chntpw-110511.orig/ntreg.c chntpw-110511/ntreg.c ---- chntpw-110511.orig/ntreg.c 2011-05-11 12:33:56.000000000 -0700 -+++ chntpw-110511/ntreg.c 2011-11-01 13:36:13.362856892 -0700 -@@ -1436,6 +1436,7 @@ - } - - strncpy(tmp,path,ABSPATHLEN-1); -+ tmp[ABSPATHLEN-1] = '\0'; - - if (key->type & 0x20) - keyname = mem_str(key->keyname, key->len_name); diff --git a/chntpw-110511-port-to-gcrypt-debian.patch b/chntpw-110511-port-to-gcrypt-debian.patch deleted file mode 100644 index eb053aa..0000000 --- a/chntpw-110511-port-to-gcrypt-debian.patch +++ /dev/null 
@@ -1,190 +0,0 @@ -diff -ur chntpw-110511.orig/chntpw.c chntpw-110511/chntpw.c ---- chntpw-110511.orig/chntpw.c 2011-05-11 12:33:56.000000000 -0700 -+++ chntpw-110511/chntpw.c 2011-11-01 13:32:10.596579799 -0700 -@@ -65,12 +65,19 @@ - #include - #include - -+#if defined(USEOPENSSL) - #include - #include --#define uchar u_char - #define MD4Init MD4_Init - #define MD4Update MD4_Update - #define MD4Final MD4_Final -+#elif defined(USELIBGCRYPT) -+ #include -+#else -+ #error No DES encryption and MD4 hashing library found -+#endif -+ -+#define uchar u_char - - #include "ntreg.h" - #include "sam.h" -@@ -142,7 +149,9 @@ - for (i=0;i<8;i++) { - key[i] = (key[i]<<1); - } -+#if defined(USEOPENSSL) - DES_set_odd_parity((des_cblock *)key); -+#endif - } - - /* -@@ -187,6 +196,7 @@ - - void E1(uchar *k, uchar *d, uchar *out) - { -+#if defined(USEOPENSSL) - des_key_schedule ks; - des_cblock deskey; - -@@ -197,6 +207,15 @@ - des_set_key((des_cblock *)deskey,ks); - #endif /* __FreeBsd__ */ - des_ecb_encrypt((des_cblock *)d,(des_cblock *)out, ks, DES_ENCRYPT); -+#elif defined(USELIBGCRYPT) -+ gcry_cipher_hd_t ks; -+ uchar deskey[8]; -+ str_to_key(k,deskey); -+ gcry_cipher_open(&ks, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); -+ gcry_cipher_setkey(ks, deskey, 8); -+ gcry_cipher_encrypt(ks, out, 8, d, 8); -+ gcry_cipher_close(ks); -+#endif - } - - -@@ -504,10 +523,18 @@ - int dontchange = 0; - struct user_V *v; - -+#ifdef USEOPENSSL - des_key_schedule ks1, ks2; - des_cblock deskey1, deskey2; - - MD4_CTX context; -+#elif defined(USELIBGCRYPT) -+ gcry_cipher_hd_t ks1, ks2; -+ uchar deskey1[8], deskey2[8]; -+ -+ unsigned char *p; -+ gcry_md_hd_t context; -+#endif - unsigned char digest[16]; - unsigned short acb; - -@@ -621,6 +648,7 @@ - hexprnt("Crypted LM pw: ",(unsigned char *)(vp+lmpw_offs),16); - } - -+#if defined(USEOPENSSL) - /* Get the two decrpt keys. 
*/ - sid_to_key1(rid,(unsigned char *)deskey1); - des_set_key((des_cblock *)deskey1,ks1); -@@ -638,6 +666,25 @@ - (des_cblock *)lanman, ks1, DES_DECRYPT); - des_ecb_encrypt((des_cblock *)(vp+lmpw_offs + 8), - (des_cblock *)&lanman[8], ks2, DES_DECRYPT); -+#elif defined(USELIBGCRYPT) -+ /* Start the keys */ -+ gcry_cipher_open(&ks1, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); -+ gcry_cipher_open(&ks2, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); -+ -+ /* Get the two decrpt keys. */ -+ sid_to_key1(rid,deskey1); -+ gcry_cipher_setkey(ks1, deskey1, 8); -+ sid_to_key2(rid,deskey2); -+ gcry_cipher_setkey(ks2, deskey2, 8); -+ -+ /* Decrypt the NT md4 password hash as two 8 byte blocks. */ -+ gcry_cipher_decrypt(ks1, md4, 8, vp+ntpw_offs, 8); -+ gcry_cipher_decrypt(ks2, &md4[8], 8, vp+ntpw_offs+8, 8); -+ -+ /* Decrypt the lanman password hash as two 8 byte blocks. */ -+ gcry_cipher_decrypt(ks1, lanman, 8, vp+lmpw_offs, 8); -+ gcry_cipher_decrypt(ks2, &lanman[8], 8, vp+lmpw_offs+8, 8); -+#endif - - if (gverbose) { - hexprnt("MD4 hash : ",(unsigned char *)md4,16); -@@ -693,9 +740,17 @@ - - /* printf("Ucase Lanman: %s\n",newlanpw); */ - -+#if defined(USEOPENSSL) - MD4Init (&context); - MD4Update (&context, newunipw, pl<<1); - MD4Final (digest, &context); -+#elif defined(USELIBGCRYPT) -+ gcry_md_open(&context, GCRY_MD_MD4, 0); -+ gcry_md_write(context, newunipw, pl<<1); -+ p = gcry_md_read(context, GCRY_MD_MD4); -+ if(p) memcpy(digest, p, gcry_md_get_algo_dlen(GCRY_MD_MD4)); -+ gcry_md_close(context); -+#endif - - if (gverbose) hexprnt("\nNEW MD4 hash : ",digest,16); - -@@ -704,6 +759,7 @@ - - if (gverbose) hexprnt("NEW LANMAN hash : ",(unsigned char *)lanman,16); - -+#if defined(USEOPENSSL) - /* Encrypt the NT md4 password hash as two 8 byte blocks. 
*/ - des_ecb_encrypt((des_cblock *)digest, - (des_cblock *)despw, ks1, DES_ENCRYPT); -@@ -714,6 +770,18 @@ - (des_cblock *)newlandes, ks1, DES_ENCRYPT); - des_ecb_encrypt((des_cblock *)(lanman+8), - (des_cblock *)&newlandes[8], ks2, DES_ENCRYPT); -+#elif defined(USELIBGCRYPT) -+ /* Encrypt the NT md4 password hash as two 8 byte blocks. */ -+ gcry_cipher_encrypt(ks1, despw, 8, digest, 8); -+ gcry_cipher_encrypt(ks2, &despw[8], 8, digest+8, 8); -+ -+ gcry_cipher_encrypt(ks1, newlandes, 8, lanman, 8); -+ gcry_cipher_encrypt(ks2, &newlandes[8], 8, lanman+8, 8); -+ -+ /* Close keys, not needed after this */ -+ gcry_cipher_close(ks1); -+ gcry_cipher_close(ks2); -+#endif - - if (gverbose) { - hexprnt("NEW DES crypt : ",(unsigned char *)despw,16); -diff -ur chntpw-110511.orig/Makefile chntpw-110511/Makefile ---- chntpw-110511.orig/Makefile 2011-05-11 12:33:56.000000000 -0700 -+++ chntpw-110511/Makefile 2011-11-01 13:32:10.598579767 -0700 -@@ -1,28 +1,11 @@ - # - # Makefile for the Offline NT Password Editor - # --# --# Change here to point to the needed OpenSSL libraries & .h files --# See INSTALL for more info. --# -- --#SSLPATH=/usr/local/ssl --OSSLPATH=/usr --OSSLINC=$(OSSLPATH)/include - - CC=gcc -+CFLAGS=-DUSELIBGCRYPT -g -I. $(shell libgcrypt-config --cflags) -Wall $(EXTRA_CFLAGS) - --# Force 32 bit --CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 --OSSLLIB=$(OSSLPATH)/lib -- --# 64 bit if default for compiler setup --#CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall --#OSSLLIB=$(OSSLPATH)/lib64 -- -- --# This is to link with whatever we have, SSL crypto lib we put in static --LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a -+LIBS=$(shell libgcrypt-config --libs) - - all: chntpw chntpw.static cpnt reged reged.static - diff --git a/chntpw-140201-get_abs_path.patch b/chntpw-140201-get_abs_path.patch new file mode 100644 index 0000000..c9f1a3d --- /dev/null +++ b/chntpw-140201-get_abs_path.patch 
@@ -0,0 +1,10 @@ +--- chntpw-140201/ntreg.c.orig 2014-02-01 08:54:37.000000000 -0800 ++++ chntpw-140201/ntreg.c 2018-07-02 16:10:39.625152640 -0700 +@@ -1511,6 +1511,7 @@ + } + + strncpy(tmp,path,ABSPATHLEN-1); ++ tmp[ABSPATHLEN-1] = '\0'; + + if (key->type & 0x20) + keyname = mem_str(key->keyname, key->len_name); diff --git a/chntpw-140201-port-to-gcrypt-debian.patch b/chntpw-140201-port-to-gcrypt-debian.patch new file mode 100644 index 0000000..45adefb --- /dev/null +++ b/chntpw-140201-port-to-gcrypt-debian.patch 
@@ -0,0 +1,195 @@ +01_port_to_gcrypt.patch +Paul Wise +Placed in the public domain +Port to libgcrypt to avoid GPL/OpenSSL incompatibility +Forwarded to Petter Nordahl-Hagen +Updated by Philippe Coval for debian + +--- a/chntpw.c ++++ b/chntpw.c +@@ -16,6 +16,7 @@ + * 2010-jun: Syskey not visible in menu, but is selectable (2) + * 2010-apr: Interactive menu adapts to show most relevant + * selections based on what is loaded ++ * 2008-may: port to libgcrypt to avoid GPL/OpenSSL incompatibility [Debian] + * 2008-mar: Minor other tweaks + * 2008-mar: Interactive reg ed moved out of this file, into edlib.c + * 2008-mar: 64 bit compatible patch by Mike Doty, via Alon Bar-Lev +@@ -79,8 +80,14 @@ + */ + + #ifdef DOCRYPTO ++#if defined(USEOPENSSL) + #include + #include ++#elif defined(USELIBGCRYPT) ++ #include ++#else ++ #error No DES encryption and MD4 hashing library found ++#endif + #endif + + #define uchar u_char +@@ -155,7 +162,9 @@ + for (i=0;i<8;i++) { + key[i] = (key[i]<<1); + } ++#if defined(USEOPENSSL) + DES_set_odd_parity((des_cblock *)key); ++#endif + } + + /* +@@ -200,6 +209,7 @@ + + void E1(uchar *k, uchar *d, uchar *out) + { ++#if defined(USEOPENSSL) + des_key_schedule ks; + des_cblock deskey; + +@@ -210,6 +220,15 @@ + des_set_key((des_cblock *)deskey,ks); + #endif /* __FreeBsd__ */ + des_ecb_encrypt((des_cblock *)d,(des_cblock *)out, ks, DES_ENCRYPT); ++#elif defined(USELIBGCRYPT) ++ gcry_cipher_hd_t ks; ++ uchar deskey[8]; ++ str_to_key(k,deskey); ++ gcry_cipher_open(&ks, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); ++ gcry_cipher_setkey(ks, deskey, 8); ++ gcry_cipher_encrypt(ks, out, 8, d, 8); ++ gcry_cipher_close(ks); ++#endif + } + + #endif /* DOCRYPTO */ +@@ -343,9 +362,16 @@ + int i; + char md4[32],lanman[32]; + char newunipw[34], despw[20], newlanpw[16], newlandes[20]; ++#ifdef USEOPENSSL + des_key_schedule ks1, ks2; + des_cblock deskey1, deskey2; + MD4_CTX context; ++#elif defined(USELIBGCRYPT) ++ gcry_cipher_hd_t ks1, ks2; ++ uchar deskey1[8], 
deskey2[8]; ++ unsigned char *p; ++ gcry_md_hd_t context; ++#endif + unsigned char digest[16]; + uchar x1[] = {0x4B,0x47,0x53,0x21,0x40,0x23,0x24,0x25}; + #endif +@@ -460,6 +486,7 @@ + } + + #ifdef DOCRYPTO ++#if defined(USEOPENSSL) + /* Get the two decrpt keys. */ + sid_to_key1(rid,(unsigned char *)deskey1); + des_set_key((des_cblock *)deskey1,ks1); +@@ -477,6 +504,25 @@ + (des_cblock *)lanman, ks1, DES_DECRYPT); + des_ecb_encrypt((des_cblock *)(vp+lmpw_offs + 8), + (des_cblock *)&lanman[8], ks2, DES_DECRYPT); ++#elif defined(USELIBGCRYPT) ++ /* Start the keys */ ++ gcry_cipher_open(&ks1, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); ++ gcry_cipher_open(&ks2, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); ++ ++ /* Get the two decrpt keys. */ ++ sid_to_key1(rid,deskey1); ++ gcry_cipher_setkey(ks1, deskey1, 8); ++ sid_to_key2(rid,deskey2); ++ gcry_cipher_setkey(ks2, deskey2, 8); ++ ++ /* Decrypt the NT md4 password hash as two 8 byte blocks. */ ++ gcry_cipher_decrypt(ks1, md4, 8, vp+ntpw_offs, 8); ++ gcry_cipher_decrypt(ks2, &md4[8], 8, vp+ntpw_offs+8, 8); ++ ++ /* Decrypt the lanman password hash as two 8 byte blocks. 
*/ ++ gcry_cipher_decrypt(ks1, lanman, 8, vp+lmpw_offs, 8); ++ gcry_cipher_decrypt(ks2, &lanman[8], 8, vp+lmpw_offs+8, 8); ++#endif + + if (gverbose) { + hexprnt("MD4 hash : ",(unsigned char *)md4,16); +@@ -544,9 +590,17 @@ + + /* printf("Ucase Lanman: %s\n",newlanpw); */ + ++#if defined(USEOPENSSL) + MD4Init (&context); + MD4Update (&context, newunipw, pl<<1); + MD4Final (digest, &context); ++#elif defined(USELIBGCRYPT) ++ gcry_md_open(&context, GCRY_MD_MD4, 0); ++ gcry_md_write(context, newunipw, pl<<1); ++ p = gcry_md_read(context, GCRY_MD_MD4); ++ if(p) memcpy(digest, p, gcry_md_get_algo_dlen(GCRY_MD_MD4)); ++ gcry_md_close(context); ++#endif + + if (gverbose) hexprnt("\nNEW MD4 hash : ",digest,16); + +@@ -555,6 +609,7 @@ + + if (gverbose) hexprnt("NEW LANMAN hash : ",(unsigned char *)lanman,16); + ++#if defined(USEOPENSSL) + /* Encrypt the NT md4 password hash as two 8 byte blocks. */ + des_ecb_encrypt((des_cblock *)digest, + (des_cblock *)despw, ks1, DES_ENCRYPT); +@@ -565,6 +620,18 @@ + (des_cblock *)newlandes, ks1, DES_ENCRYPT); + des_ecb_encrypt((des_cblock *)(lanman+8), + (des_cblock *)&newlandes[8], ks2, DES_ENCRYPT); ++#elif defined(USELIBGCRYPT) ++ /* Encrypt the NT md4 password hash as two 8 byte blocks. */ ++ gcry_cipher_encrypt(ks1, despw, 8, digest, 8); ++ gcry_cipher_encrypt(ks2, &despw[8], 8, digest+8, 8); ++ ++ gcry_cipher_encrypt(ks1, newlandes, 8, lanman, 8); ++ gcry_cipher_encrypt(ks2, &newlandes[8], 8, lanman+8, 8); ++ ++ /* Close keys, not needed after this */ ++ gcry_cipher_close(ks1); ++ gcry_cipher_close(ks2); ++#endif + + if (gverbose) { + hexprnt("NEW DES crypt : ",(unsigned char *)despw,16); +--- a/Makefile ++++ b/Makefile +@@ -2,28 +2,10 @@ + # Makefile for the Offline NT Password Editor + # +-# +-# Change here to point to the needed OpenSSL libraries & .h files +-# See INSTALL for more info. +-# +- +-#SSLPATH=/usr/local/ssl +-OSSLPATH=/usr +-OSSLINC=$(OSSLPATH)/include + + CC=gcc ++CFLAGS=-DUSELIBGCRYPT -g -I. 
$(shell libgcrypt-config --cflags) -Wall $(EXTRA_CFLAGS) + +-# Force 32 bit +-CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 +-OSSLLIB=$(OSSLPATH)/lib +- +-# 64 bit if default for compiler setup +-#CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall +-#OSSLLIB=$(OSSLPATH)/lib64 +- +- +-# This is to link with whatever we have, SSL crypto lib we put in static +-#LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a +-LIBS=-L$(OSSLLIB) ++LIBS=$(shell libgcrypt-config --libs) + + + all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static diff --git a/chntpw-chntpw.8 b/chntpw-chntpw.8 deleted file mode 100644 index 8b0ec85..0000000 --- a/chntpw-chntpw.8 +++ /dev/null 
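Review bot: None of the libgcrypt calls in the `USELIBGCRYPT` branches has its return value checked, and in the MD4 step `if(p) memcpy(digest, p, ...)` leaves `digest` uninitialized when `gcry_md_read` returns NULL, yet it is still fed to `gcry_cipher_encrypt(ks1, despw, 8, digest, 8)` a few lines later. The same applies to `gcry_cipher_open`/`gcry_cipher_setkey` in `E1` and in the password-change code: if an open fails (libgcrypt may refuse DES or MD4, for instance in FIPS mode), `ks`, `ks1`, `ks2` and `context` are used without ever having been set. I would capture each result, e.g. `gcry_error_t err = gcry_cipher_open(&ks1, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);`, report `gcry_strerror(err)` and abandon the password change on any non-zero value or NULL `p`, so that no hash derived from indeterminate bytes can reach the SAM buffer. The enclosing functions begin and end outside these hunks, so the right error return has to be taken from the full source. The patch also shows no `gcry_check_version()` call and the new Makefile `CFLAGS` define `USELIBGCRYPT` but not `DOCRYPTO`; both are worth confirming against the rest of the tree.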
@@ -1,96 +0,0 @@ -.\" Hey, EMACS: -*- nroff -*- -.\" First parameter, NAME, should be all caps -.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection -.\" other parameters are allowed: see man(7), man(1) -.TH CHNTPW 8 "30th May 2002" -.\" Please adjust this date whenever revising the manpage. -.\" -.\" Some roff macros, for reference: -.\" .nh disable hyphenation -.\" .hy enable hyphenation -.\" .ad l left justify -.\" .ad b justify to both left and right margins -.\" .nf disable filling -.\" .fi enable filling -.\" .br insert line break -.\" .sp insert n+1 empty lines -.\" for manpage-specific macros, see man(7) -.SH NAME -chntpw \- utility to overwrite Windows NT/2000 SAM passwords -.SH SYNOPSIS -.B chntpw -.RI [ options ] -.RI < samfile > -.RI [ systemfile ] -.RI [ securityfile ] -.RI [ otherreghive ] -.RI [...] -.br -.SH DESCRIPTION -This manual page documents briefly the -.B chntpw -command. -This manual page was written for the Debian distribution -because the original program does not have a manual page. -.PP -.B chntpw -is a utility to view some information and change user passwords -in a Windows NT/2000 SAM userdatabase file. It is not necessary to -know the old passwords to reset them. In addition it contains a -simple registry editor (same size data writes) -and hex-editor with which the information contained in a registry -file can be browsed and modified. -.SH OPTIONS -.TP -.B \-h -Show summary of options. -.TP -.B \-u username -Username to change. Default is Administrator -.TP -.B \-l -List all users in the SAM database. -.TP -.B \-i -Interactive: list all users (as per \-l) and then ask for the -user to change. -.TP -.B \-e -Registry editor with limited capabilities. -.TP -.B \-d -Use buffer debugger. -.TP -.B \-t -Show hexdumps of structs/segments (deprecated debug function). -.SH EXAMPLES -.TP -.B chntpw sam system -Opens registry hives -.B sam -and -.B system -and change administrator account. 
This will work even if the name -has been changed or it has been localized (since different language -versions of NT use different administrator names). -.TP -.B chntpw -u jabbathehutt mysam -Prompts for password for -.B jabbathehutt -and changes it in the -.B mysam -registry file, if found (otherwise do nothing) -.SH SEE ALSO -If you are looking for an automated procedure for password -recovery, you might look at the bootdisks provided by the -upstream author at -.BR http://home.eunet.no/~pnordahl/ntpasswd/ -.br -There is more information on how this program works available at -.IR /usr/share/doc/chntpw . -This information includes in-depth information on how the -registry works, what are syskeys and some other issues. -.SH AUTHOR -This manual page was written by -Javier Fernandez-Sanguino , -for the Debian GNU/Linux system (but may be used by others). diff --git a/chntpw.8 b/chntpw.8 new file mode 100644 index 0000000..f92440b --- /dev/null +++ b/chntpw.8 
@@ -0,0 +1,157 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH CHNTPW 8 "13th March 2010" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +chntpw \- utility to overwrite passwords of Windows systems +.SH SYNOPSIS +.B chntpw +.RI [ options ] +.RI < samfile > +.RI [ systemfile ] +.RI [ securityfile ] +.RI [ otherreghive ] +.RI [...] +.br +.SH DESCRIPTION +This manual page documents briefly the +.B chntpw +command. +This manual page was written for the Debian distribution +because the original program does not have a manual page. +.PP +.B chntpw +is a utility to view some information and reset user passwords +in a Windows NT/2000 SAM userdatabase file used by Microsoft Windows +Operating System (in NT3.x and later versions). This file is usually located at +\\WINDOWS\\system32\\config\\SAM on the Windows file system. It is not necessary to +know the previous passwords to reset them. In addition it contains a simple +registry editor and ahex-editor with which the information contained in a +registry file can be browsed and modified. + +This program should be able to handle both 32 and 64 bit Microsoft Windows and +all versions from NT3.x up to Win8.1. + + +.SH OPTIONS +.TP +.B \-h +Show a summary of options. +.TP +.B \-u username +Username or username ID (RID) to change. The default is 'Administrator'. +.TP +.B \-l +List all users in the SAM database and exit. +.TP +.B \-i +Interactive Menu system: list all users (as per \-l option) and then ask for the +user to change. 
+.TP +.B \-e +Registry editor with limited capabilities (but it does include write support). For a +slightly more powerful editor see +.B reged + +.TP +.B \-d +Use buffer debugger instead (hex editor) + +.B \-L +Log all changed filenames to /tmp/changed. When this option is set the +program automatically saves the changes in the hive files without prompting the +user. + +Be careful when using the \fB-L\fR option as a root user in a multiuser system. +The filename is fixed and this can be used by malicious users (dropping a +symlink with the same name) to overwrite system files. + +.TP +.B \-N +Do not allocate more information, only allow the editing of existing values +with same size. +.TP +.B \-E +Do not expand the hive file (safe mode). +.TP +.B \-v +Print verbose information and debug messages. + + + + + +.SH EXAMPLES +.TP +.B ntfs-3g /dev/sda1 /media/win ; cd /media/win/WINDOWS/system32/config/ +Mount the Windows file system and enters the directory +.B \\\\WINDOWS\\\\system32\\\\config +where Windows stores the SAM database. +.TP +.B chntpw SAM system +Opens registry hives +.B SAM +and +.B system +and change administrator account. This will work even if the name +has been changed or it has been localized (since different language +versions of NT use different administrator names). +.TP +.B chntpw -l SAM +Lists the users defined in the +.B SAM +registry file. +.TP +.B chntpw -u jabbathehutt SAM +Prompts for password for +.B jabbathehutt +and changes it in the +.B SAM +registry file, if found (otherwise do nothing). + +.SH KNOWN BUGS + +This program uses undocumented structures in the SAM database. Use with +caution (i.e. make sure you make a backup of the file before any changes +are done). + +Password changing is only possible if the program has been specifically +compiled with some cryptographic functions. This feature, however, only +works properly in Windows NT and Windows 2000 systems. 
It might not +work properly in Windows XP, Vista, Win7, Win8 and later systems. + +In the Debian distribution this feature is not enabled. + +.SH SEE ALSO +.B reged, samusrgrp, sampasswd + +If you are looking for an automated procedure for password +recovery, you might want to check the bootdisks (can be used in CD +and USB drives) provided by the upstream author at +.BR http://pogostick.net/~pnh/ntpasswd/ + +.br +You will find more information available on how this program works, including +in-depth details on how the registry works, in the text files +.IR /usr/share/doc/chntpw/README.txt +and +.IR /usr/share/doc/chntpw/MANUAL.txt + +.SH AUTHOR +This program was written by Petter N Hagen. + +This manual page was written by Javier Fernandez-Sanguino , +for the Debian GNU/Linux system (but may be used by others). diff --git a/chntpw.spec b/chntpw.spec index a15760d..a80129d 100644 --- a/chntpw.spec +++ b/chntpw.spec 
@@ -1,23 +1,26 @@ Name: chntpw # Version is taken from HISTORY.txt -Version: 0.99.6 -Release: 30.110511%{?dist} +Version: 1.00 +Release: 0.140201%{?dist} Summary: Change passwords in Windows SAM files Group: Applications/Engineering License: GPLv2 -URL: http://pogostick.net/~pnh/ntpasswd/ -Source0: http://pogostick.net/~pnh/ntpasswd/chntpw-source-110511.zip +URL: http://pogostick.net/~pnh/ntpasswd/ +Source0: http://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip Source2: chntpw-README.Dist -# The man page is borrowed from Debian -Source3: chntpw-chntpw.8 +# The man pages are borrowed from Debian +Source10: chntpw.8 +Source11: reged.8 +Source12: sampasswd.8 +Source13: samusrgrp.8 BuildRequires: libgcrypt-devel # Patches sent upstream on 2009-06-08. -Patch1: chntpw-110511-get_abs_path.patch +Patch1: chntpw-140201-get_abs_path.patch # Patch from Debian (RHBZ#504595). -Patch3: chntpw-110511-port-to-gcrypt-debian.patch +Patch3: chntpw-140201-port-to-gcrypt-debian.patch # Patches from Jim Meyering to improve robustness of the code. Patch4: chntpw-110511-robustness.patch @@ -30,15 +33,15 @@ Patch7: chntpw-110511-reged-no-deref-null.patch This is a utility to (re)set the password of any user that has a valid (local) account on your Windows NT/2k/XP/Vista etc system. You do not need to know the old password to set a new one. It works offline, that -is, you have to shutdown your computer and boot off a floppydisk or CD +is, you have to shutdown your computer and boot off a floppy disk or CD or another system. Will detect and offer to unlock locked or disabled out user accounts! There is also a registry editor and other registry -utilities that works under linux/unix, and can be used for other things +utilities that works under Linux/Unix, and can be used for other things than password editing. %prep -%setup -q -n %{name}-110511 +%setup -q -n %{name}-140201 cp -p %{SOURCE2} README.Dist sed -e 's/\r$//' WinReg.txt > WinReg.txt.eol touch -c -r WinReg.txt WinReg.txt.eol 
@@ -53,17 +56,17 @@ mv WinReg.txt.eol WinReg.txt %build -make CC="%__cc" EXTRA_CFLAGS="$RPM_OPT_FLAGS" chntpw cpnt reged +make CC="%__cc" EXTRA_CFLAGS="$RPM_OPT_FLAGS" \ + chntpw cpnt reged sampasswd samusrgrp %install rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT%{_bindir} -cp chntpw $RPM_BUILD_ROOT%{_bindir} -cp cpnt $RPM_BUILD_ROOT%{_bindir} -cp reged $RPM_BUILD_ROOT%{_bindir} +cp chntpw cpnt reged sampasswd samusrgrp $RPM_BUILD_ROOT%{_bindir} mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8/ -cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 +cp -p %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \ + $RPM_BUILD_ROOT%{_mandir}/man8/ @@ -74,10 +77,19 @@ cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 %{_bindir}/chntpw %{_bindir}/cpnt %{_bindir}/reged -%{_mandir}/man8/%{name}.8* +%{_bindir}/sampasswd +%{_bindir}/samusrgrp +%{_mandir}/man8/*.8* %changelog +* Mon Jul 02 2018 Conrad Meyer - 1.00-0.140201 +- Update to latest upstream, 1.00 / 140201 +- Rebase patches as needed +- Import additional and enhanced manual pages from Debian +- Adds two new binaries: sampasswd and samusrgrp +- Clean up rpmlint warnings (tabs, spelling, log date) + * Wed Feb 07 2018 Fedora Release Engineering - 0.99.6-30.110511 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild @@ -157,7 +169,7 @@ cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 * Thu Jan 15 2009 Tomas Mraz - 0.99.6-6 - rebuild with new openssl -* Sun Oct 11 2008 Conrad Meyer - 0.99.6-5 +* Sun Oct 12 2008 Conrad Meyer - 0.99.6-5 - Bump because force-tag was removed. Please add it back. * Sat Oct 11 2008 Conrad Meyer - 0.99.6-4 diff --git a/reged.8 b/reged.8 new file mode 100644 index 0000000..36ecff4 --- /dev/null +++ b/reged.8 
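Review bot: The `%install` and `%files` hunks ship `samusrgrp` under that single name, while the imported `samusrgrp.8` documents that the binary switches to add or remove mode when invoked as `samusrtogrp` or `samusrfromgrp`. If those aliases are meant to be available to users, `%install` would need something like `ln -s samusrgrp $RPM_BUILD_ROOT%{_bindir}/samusrtogrp` (and the same for `samusrfromgrp`) with matching `%files` entries; otherwise the man page describes names the package does not provide. Separately, `%{_mandir}/man8/*.8*` in `%files` claims every section-8 page in the buildroot, so listing the four pages explicitly would keep the file list as strict as the `%{_bindir}` entries.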
@@ -0,0 +1,120 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH REGED 8 "6th August 2014" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +reged \- utility to export/import and edit a Windows registry hives +.SH SYNOPSIS +.B reged +.RI [ options ] +.RI -x + +.B reged +.RI [ options ] +.RI -I + +.B reged +.RI [ options ] +.RI -e + + +.br +.SH DESCRIPTION +This manual page documents briefly the +.B reged +command. +This manual page was written for the Debian distribution +because the original program does not have a manual page. + +.PP +.B reged +is the an interactive command line utility that can be used to +export, import or edit a Microsoft Windows registry hive. + +.SH OPTIONS +.TP +.B \-h +Show summary of options. +.TP +.B \-x +Export parts of a hive file to a text registry (.reg) file. +Prefixstring indicates the part of the registry hive to dump (for example +HKEY_LOCAL_MACHINE\\SOFTWARE). The parameter defines the key to dump +(recursively). You can use \\ or \\\\ to list all the keys in the hive file. + +Only one hive file and one .reg file can be defined. + +.TP +.B \-I +Import the content of the input.reg file into the registry file. The value + can be any valid prefix, for example is +HKEY_LOCAL_MACHINE\\SOFTWARE. + +Only one .reg and one hive file supported at the same time + +.TP +.B \-e ... +Interactive edit one or more registry files. + +.TP +.B \-L +Log all changed filenames to /tmp/changed. 
When this option is set the +program automatically saves the changes in the hive files without prompting the +user. + +Be careful when using the \fB-L\fR option as a root user in a multiuser system. +The filename is fixed and this can be used by malicious users (dropping a +symlink with the same name) to overwrite system files. + + +.TP +.B \-C +Automatically save all changes. Do not prompt the user. + +.TP +.B \-N +Do not allocate more information, only allow the editing of existing values with same size. + +.TP +.B \-E +Do not expand the hive file (safe mode). + +.TP +.B \-t +Print debug information of allocated blocks. + +.TP +.B \-v +Print verbose information and debug messages. + +.SH KNOWN BUGS + +There are many \fBunknown\fR bugs. If you find bugs please report them to the author. + +.SH SEE ALSO +.B chntpwd, samusrgrp, sampasswd +.br +You will find more information available on how this program works, in the +text files +.IR /usr/share/doc/chntpw/README.txt +and +.IR /usr/share/doc/chntpw/MANUAL.txt + +.SH AUTHOR +This program was written by Petter N Hagen. + +This manual page was written by Javier Fernandez-Sanguino , +for the Debian GNU/Linux system (but may be used by others). diff --git a/sampasswd.8 b/sampasswd.8 new file mode 100644 index 0000000..78257c2 --- /dev/null +++ b/sampasswd.8 
@@ -0,0 +1,120 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH SAMPASSWD 8 "6th August 2014" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +sampasswd \- reset passwords of users in the SAM user database +.SH SYNOPSIS +.B sampasswd +.RI [ options ] +.RI -u user +.RI < samfile > +.br +.SH DESCRIPTION +This manual page documents briefly the +.B sampasswd +command. +This manual page was written for the Debian distribution +because the original program does not have a manual page. + +.PP +.B sampasswd +is a non-interactive command line utility that can reset a user's +password and/or the user's account bits from the SAM user database file of a +Microsoft Windows system (Windows NT, 2000, XP, Vista, 7, 8.1, etc.). +This file is usually located at +\\WINDOWS\\system32\\config\\SAM on the file system of a Microsoft Windows +Operating System + +On success, the program does not output any informatin and the exit code is 0. + +.SH OPTIONS +.TP +.B \-h +Show summary of options. +.TP +.B \-r +Reset the user's password. +.TP +.B \-a +Reset all the users. If this option is used there is no need to specify the next option. +.TP +.B \-u +User to change. The user value can be provided as a username, or a RID number in +hexadecimal (if the username is preceded with '0x'). Usernames including +international characters will probably not work. +.TP +.B \-l +Lists the users in the SAM database. +.TP +.B \-H +Output human readable output. 
The program by default will print a parsable table unless +this option is used. +.TP +.B \-N +Do not allocate more information, only allow the editing of existing values with same size. +.TP +.B \-E +Do not expand the hive file (safe mode). +.TP +.B \-t +Print debug information of allocated blocks. +.TP +.B \-v +Print verbose information and debug messages. + +.SH EXAMPLES +.TP +.B sampasswd -r -u theboss +Reset the password of a user named 'theboss', if found. + +.TP +.B sampasswd -r -u 0x3ea +Reset the password of the user with RID '0x3a'. + +.TP +.B samusrgrp -r -a +Reset the password of all the users in the Administrator's group (0x220) + +.TP +.B samusrgrp -r -f +Reset the password of the administrative users with the lowest RID number. +This does not include the built-in administrator (0x1f4) unless no other +administrative user can be found in the database file. + + +.SH KNOWN BUGS + +If the username includes international (non-ASCII) characters the program +will not (usually) find it. Use the RID number instead. + +.SH SEE ALSO +.B chntpwd, reged, samusrgrp +.br +You will find more information available on how this program works, in the +text files +.IR /usr/share/doc/chntpw/README.txt +and +.IR /usr/share/doc/chntpw/MANUAL.txt + +More documentation is available at the upstream's author site: +.BR http://pogostick.net/~pnh/ntpasswd/ + +.SH AUTHOR +This program was written by Petter N Hagen. + +This manual page was written by Javier Fernandez-Sanguino , +for the Debian GNU/Linux system (but may be used by others). diff --git a/samusrgrp.8 b/samusrgrp.8 new file mode 100644 index 0000000..773448b --- /dev/null +++ b/samusrgrp.8 
@@ -0,0 +1,130 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH SAMUSRGRP 8 "6th August 2014" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +samusrgrp \- add or remove users from groups in SAM database files +.SH SYNOPSIS +.B samusrgrp +.RI [ options ] +.RI < samfile > +.br +.SH DESCRIPTION +This manual page documents briefly the +.B samusrgrp +command. +This manual page was written for the Debian distribution +because the original program does not have a manual page. +.PP +.B samusrgrp +is a non-interactive command line utility that can add or remove +a user from a local group that exists in the SAM user database of a +Microsoft Windows system (Windows NT, 2000, XP, Vista, 7, 8.1, etc.). +This file is usually located at +\\WINDOWS\\system32\\config\\SAM on the file system of a Microsoft Windows +Operating System + +On success, the program does not output any informatin and the exit code is 0. + +The binary program supports multiple names. If it is called named +.B samusrtogrp +it will assume \fB-a\fR mode (add user). If it is called named +.B samusrfromgrp +it will assume \fB-r\fR mode (remove user). + +.SH OPTIONS +.TP +.B \-h +Show summary of options. +.TP +.B \-a +The user is added to the group. This option has to be followed +by \-u and \-g . +.TP +.B \-r +The user is removed from the group. This option has to be followed +by \-u and \-g . +.TP +.B \-u +User to change. 
The user value can be provided as a username, or a RID number in +hexadecimal (if the username is preceded with '0x'). Usernames including +international characters will probably not work. +.TP +.B \-g +Group to change. The group can only be given as a group number, in hexadecimal, preceded with +with '0x'. +.TP +.B \-l +Lists the groups in the SAM database. +.TP +.B \-L +Lists the groups in the SAM database as well as their members. +.TP +.B \-s +Print the machine SID. +.TP +.B \-H +Output human readable output. The program by default will print a parsable table unless +this option is used. +.TP +.B \-N +Do not allocate more information, only allow the editing of existing values +with same size. +.TP +.B \-E +Do not expand the hive file (safe mode). +.TP +.B \-t +Print debug information of allocated blocks. +.TP +.B \-v +Print verbose information and debug messages. + +.SH EXAMPLES +.TP +.B samusrgrp -a -u theboss -g 0x220 SAMFILE +Adds a user named 'theboss' to the group 0x220 (Administrators) + +.TP +.B samusrgrp -a -u 0x3ea -g 0x221 SAMFILE +Adds a user with the id '0x3aa' to the group 0x221 (Users) + +.TP +.B samusrgrp -r -u 0x3ff -g 0x221 SAMFILE +Remove a user with the id '0x3ff' from the group 0x221 (Users) + +.SH KNOWN BUGS + +If the username includes international (non-ASCII) characters the program +will not (usually) find it. Use the RID number instead. + +.SH SEE ALSO +.B chntpwd, reged, sampasswd +.br +You will find more information available on how this program works, in the +text files +.IR /usr/share/doc/chntpw/README.txt +and +.IR /usr/share/doc/chntpw/MANUAL.txt + +More documentation is available at the upstream's author site: +.BR http://pogostick.net/~pnh/ntpasswd/ + +.SH AUTHOR +This program was written by Petter N Hagen. + +This manual page was written by Javier Fernandez-Sanguino , +for the Debian GNU/Linux system (but may be used by others). diff --git a/sources b/sources index 585eeb4..e597fc8 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -a3fb358d1adec589cd6bc8dedf68896c chntpw-source-110511.zip +SHA512 (chntpw-source-140201.zip) = a26d747f6e077d1bb3e9b8077781f8c37dd978e07b7426495862f15c9004572b706c34736fc4d1ed8856b1a43335d726b4d87c688f7f9a11fd6cc3a74d71a7fa