TUTORIAL NT Password recovery


Posted: 23 Apr 2007 15:35    Subject: TUTORIAL NT Password recovery

Well, I was too lazy to write it myself, and I finally found the tutorial that details the whole procedure... isn't life great?


Rather than lengthy explanations, here is the typical procedure. As you will see, you just have to follow the prompts. The whole thing takes between 2 and 5 minutes.

* This utility will enable you to change the password of almost
* any user (incl. administrator) on an Windows NT/2k/XP installation
* WITHOUT knowing the old password.
* The program is now able to actually parse/follow the internal
* registry structure completely.
* There is now support for adding and deleting keys and values.
* Tested on: NT3.51 & NT4: Workstation, Server, PDC.
* Win2k Prof & Server to SP3. Cannot change AD.
* XP Home & Prof: up to SP1
* Now also works with syskey, read warnings if applicable.
* You may either let the scripts try to figure out your configuration,
* or you may do it manually from the shell prompts.
* Good luck!

Press return/enter to continue Enter
* In /etc/main.rc....
Calling scsi.rc to probe for SCSI controllers
Mounting floppy to fetch drivers from /scsi on it
SCSI-drivers found on floppy:

BusLogic.o.gz aic7xxx.o.gz

Do you have your NT disks on a SCSI controller?
y - this will autoprobe for the driver
n - no, skip SCSI, I have IDE drives
or give the scsi-driver modules name (without the .o or .gz)
+ optional parameters to go directly for a known driver

Probe for SCSI-drivers: [n]Enter

Calling part.rc to select partition
Partitions found on the disk(s):
Device Boot Start End Blocks Id System
/dev/hda1 * 1 1859 14932386 7 HPFS/NTFS

Probable NT partitions:
/dev/hda1 * 1 1859 14932386 7 HPFS/NTFS
Wnat partition contains your NT installation?
[/dev/hda1] : Enter

FAT: Did not find valid FSINFO signature.
Found signature1 0x66024a1e signature2 0xc88b6602 sector=4.
VFS: Can't find a valid FAT filesystem on dev 03:01.
mount: wrong fs type, bad option, bad superblock on /deb/hda1,
or too many mounted fil systems
/dev/hda1 is NTFS.
Trying to mount as readwrite on /mnt
NTFS volume version 3.0.
Success. Mounted NTFS /deb/hda1 on /mnt
Calling path.rc. to select path
What is the full path to the registry directory?
[winnt/system32/config] : Enter
-rw------- 1 0 0 65536 Jan 15 09:00 AppEvent.Evt
-rw------- 1 0 0 65536 Jan 15 09:00 default
-rw------- 1 0 0 65536 Jan 15 09:00 default.LOG
-rw------- 1 0 0 65536 Jan 15 09:00 default.sav
-rw------- 1 0 0 65536 Jan 15 09:00 netlogon.ftl
-rw------- 1 0 0 65536 Jan 15 09:00 SAM
-rw------- 1 0 0 65536 Jan 15 09:00 SAM.LOG
-rw------- 1 0 0 65536 Jan 15 09:00 SecEvent.Evt
-rw------- 1 0 0 65536 Jan 15 09:00 SECURITY
-rw------- 1 0 0 65536 Jan 15 09:00 SECURITY.LOG
-rw------- 1 0 0 65536 Jan 15 09:00 software
-rw------- 1 0 0 65536 Jan 15 09:00 software.LOG
-rw------- 1 0 0 65536 Jan 15 09:00 software.sav
-rw------- 1 0 0 65536 Jan 15 09:00 SysEvent.Evt
-rw------- 1 0 0 65536 Jan 15 09:00 system.sav
-rw------- 1 0 0 65536 Jan 15 09:00 TempLey.LOG
-rw------- 1 0 0 65536 Jan 15 09:00 userdiff
-rw------- 1 0 0 65536 Jan 15 09:00 userdiff.LOG
Which hives (files) do you want to edit (leave default for
password setting, separate multiple names with spaces)
[sam system security] : Enter
Copying sam system security to /tmp

Now running chntpw
chntpw version 0.99.0 030112, (c) Petter N Hagen
Hive's name (from header) (\SystemRoot\System32\Config\Sam)
ROOT KEY at offset: 0x001020

File size 32768 [8000] bytes, containing 7 pages (+ 1 headerpage)
Used, for data: 319/26472 blocks/bytes, unused: 6/1976 blocks/bytes.
Hive's name (from header): (SYSTEM)
ROOT KEY at offset: 0x001020

File size 2555904 [270000] bytes, containing 584 pages (+ 1 headerpage)
Used, for data: 44209/2524072 blocks/bytes, unused: 19/9048 blocks/bytes.
Hive's name (from header): (SYSTEM)
ROOT KEY at offset: 0x001020

File size 49152 [c000] bytes, containing 11 pages (+ 1 headerpage)
Used, for data: 859/42568 blocks/bytes, unused: 5/2136 blocks/bytes.
Hello, this is SAM!
Failed logins before lockout is : 0
Minimum password length : 0
Password history count : 0

()========() chntpw Main Interactive Menu ()========()
Loaded hives: (sam) (system) (security)
1 - Edit user data and passwords
2 - Syskey status & change
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)

What to do? [1] -> Enter

==== chntpw Edit User Info & Passwords ====

RID: 03f2, Username: (ACTUser)
RID: 03f2, Username: (Administrateur)
RID: 03f2, Username: (Guest), disabled or locked*
RID: 03f2, Username: (hoge)

Select: ! - quit, . - list users, 0x(RID) - User with RID (hex)
or simple enter the username to change: [Administrateur] Enter
RID : 032f
Username: Administrator
comment :
homedir :

Account bits: 0x0215 =
[ ] Disabled | [ ] Homedir req. | [ ] passwd not req. |
[ ] Temp. duplicate | [X] Normail account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |
[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |

Failed login count: 0, while max tries is : 0
Total login.count: 7
Account is disabled
Crypted NT pw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Crypted LM pw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
MD4 hash : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
LANMAN hash : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

* = blank the password (EXPERIMENTAL! but may fix problems)
Enter nothing to leave it unchanged
Please enter new password: *

Blanking password. This may actually fix things if previous password-preset
did not work. Or it may even make things worse. Happy joy!

Do you really wish to change it? (y/n) [n] y

Select: ! - quit, . - list users, 0x(RID) - User with RID (hex)
or simple enter the username to change: [Administrateur] !

()========() chntpw Main Interactive Menu ()========()
Loaded hives: (sam) (system) (security)
1 - Edit user data and passwords
2 - Syskey status & change
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)

What to do? [1] -> q

Hives that have changed:
# Name
0 (sam)
Write hive files? (y/n) [n] : y
Calling write.rc to select write back sam file
About to write file(s) back! Do it? [n] y

Writing sam
* end of scripts.. returning to the shell..
* Press CTRL-ALT-DELL to reboot now (remove floppy first)
* or do whatever you want from the shell..
* However, if you mount something, remember to umount before reboot
* You may also restart the script procedure with 'sh /scripts/main.rc'

Thanks to

Original link:
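
Added example, not part of the original post and not chntpw's own code: the transcript prints each hive's name, "ROOT KEY at offset: 0x001020" and a page count, all of which come from the hive's 4096-byte "regf" header. This Python sketch reads the same fields from a hive copy and also checks the header checksum and the two sequence numbers, a common first consistency check on a hive image. The field offsets follow the publicly documented regf layout; the function names and the sample hive are constructed for illustration.

```python
import struct

HEADER_SIZE = 0x1000  # the base block ("header page") is 4096 bytes

def regf_checksum(base_block: bytes) -> int:
    """XOR-32 over the first 508 bytes, with the format's two special cases."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", base_block[:508]):
        x ^= dword
    if x == 0xFFFFFFFF:
        return 0xFFFFFFFE
    if x == 0:
        return 1
    return x

def parse_hive_header(data: bytes) -> dict:
    """Return the header fields chntpw prints, plus two consistency flags."""
    if len(data) < HEADER_SIZE or data[:4] != b"regf":
        raise ValueError("not a registry hive (missing 'regf' signature)")
    seq1, seq2 = struct.unpack_from("<II", data, 0x04)   # must match on a clean hive
    (root_cell,) = struct.unpack_from("<I", data, 0x24)  # relative to end of header
    (stored_sum,) = struct.unpack_from("<I", data, 0x1FC)
    name = data[0x30:0x70].decode("utf-16-le", errors="replace").split("\x00")[0]
    return {
        "name": name,
        "root_key_offset": HEADER_SIZE + root_cell,
        "data_pages": (len(data) - HEADER_SIZE) // 0x1000,
        "clean": seq1 == seq2,
        "checksum_ok": stored_sum == regf_checksum(data),
    }

def build_sample_hive() -> bytes:
    """Constructed 32768-byte sample header (not a real SAM hive)."""
    block = bytearray(32768)
    block[0:4] = b"regf"
    struct.pack_into("<II", block, 0x04, 5, 5)
    struct.pack_into("<I", block, 0x24, 0x20)
    name = "\\SystemRoot\\System32\\Config\\SAM".encode("utf-16-le")
    block[0x30:0x30 + len(name)] = name
    struct.pack_into("<I", block, 0x1FC, regf_checksum(bytes(block)))
    return bytes(block)

if __name__ == "__main__":
    print(parse_hive_header(build_sample_hive()))
```

With the constructed sample this reports a root key offset of 0x1020 and 7 data pages after the header page, matching the arithmetic in the transcript (32768 bytes = 7 pages + 1 header page).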

