For this tutorial I am using Backtrack 3, and will be removing my password on Windows 7 Professional.
Step 1. Restart your PC with the Backtrack disc in your drive and boot from the CD/DVD. You don't have to do anything once the boot process starts. It will take about 2-4 minutes depending on your hardware setup. Once you get to your desktop we are ready to begin.
Step 2. The first thing we need to do is find out what Backtrack has labeled your C: drive as. Click on the K button (from now on I will refer to this as the start button, for all you Windows fans). From the start menu go to System > System Information > Partitions. Find your C: drive (which will be labeled as NTFS) and look under the mount point category. Mine is labeled as /mnt/sda1. It can also be labeled as hda1, hda0, sda0 or any other combination. It's important that you know this for later on, so make a note of it.
Step 3. Click on the start button and go to the Backtrack folder > Privilege Escalation > Password Attacks > chntpw. This will bring up a command line interface.
Step 4. At the bt chntpw# prompt type the following command and press enter.
Code:
chntpw -i /mnt/sda1/Windows/System32/config/SAM
You will now get a list of options.
Note that this command is case sensitive.
You need upper and lower case exactly where the path has them. If you're unsure of the spelling in the path name, click on the 3rd button on the task bar. This is called Konqueror and is the equivalent of Windows Explorer. Browse through Windows/System32/config/SAM and make sure you get the spelling perfect, otherwise the command will not work. XP, Vista and 7 are all different so I recommend you do this just to ensure you have no errors.
Step 5. We want to Edit user data and passwords, so press 1 and hit enter.
Step 6. Type the name of the user whose password you want to remove (preferably an administrator account) and press enter. For this tutorial I will use my Windows account.
Step 7. We now want to Clear (blank) user password. Press 1 and hit enter.
Step 8. You should get a Password cleared! message (YES!!!)
Step 9. These next couple of steps are very important. We now need to make sure that the account is not locked out.
Step 10. Type the same user name as you did in step 6 and press enter.
Step 11. Now we need to Unlock and enable user account, so type 4 and press enter.
Step 12. You should get the message Unlocked!
Step 13. Now we are pretty much done. We just need to quit and save, so type ! and press enter.
Step 14. Type q and press enter.
Step 15. Type y to Write hive files and press enter.
Step 16. Done!! YEAH!!! You can now restart your computer and boot up to Windows (go to start > logout > restart). If you only have one user account it should automatically log you in. But if it doesn't, all you will have to do is click on your username and no password will be required. Note that when you restart, your CD/DVD drive will automatically eject your live CD/DVD media.
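
A helper for the path check in Step 4, as an added example that is not part of the original tutorial: it resolves the SAM path under the mount point regardless of letter case, confirms the file starts with the registry hive signature `regf`, and saves a copy before chntpw edits it. The function names and the `.bak` suffix are assumptions made for this example.

```shell
#!/bin/sh
# Added example: locate the SAM hive whatever the letter case of the
# Windows directories, sanity-check it, and back it up before editing.

# resolve_ci BASE REL: walk REL one component at a time under BASE,
# matching each component case-insensitively. Prints the real path.
resolve_ci() {
    cur=$1
    rest=$2
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        if [ -z "$part" ]; then continue; fi
        # -F fixed string, -x whole line, -i ignore case
        match=$(ls -1 "$cur" 2>/dev/null | grep -i -x -F -- "$part" | head -n 1) || return 1
        [ -n "$match" ] || return 1
        cur=$cur/$match
    done
    printf '%s\n' "$cur"
}

# is_hive FILE: registry hive files begin with the 4-byte signature "regf".
is_hive() {
    [ "$(head -c 4 "$1" 2>/dev/null)" = "regf" ]
}

# prepare_sam MOUNT: resolve, verify and back up the SAM hive.
# Prints the exact path to hand to chntpw.
prepare_sam() {
    sam=$(resolve_ci "$1" "Windows/System32/config/SAM") || {
        echo "SAM not found under $1" >&2; return 1; }
    is_hive "$sam" || {
        echo "$sam is not a registry hive" >&2; return 1; }
    cp -p "$sam" "$sam.bak" || return 1   # .bak suffix is an assumption
    printf '%s\n' "$sam"
}

# Usage, with the mount point noted in Step 2:
#   chntpw -i "$(prepare_sam /mnt/sda1)"
```

If the edit goes wrong, copying the `.bak` file back over the SAM from the live CD restores the original accounts.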