The target Windows machine needs to be in offline mode which means that the installed OS should not be loaded. You're gonna need a bootable linux distrobution (CD or bootable usb works) with chntpw package installed.
- Mount the NTFS drive. Needs to be mounted for read/write and not read-only.
# mount -t ntfs-3g /dev/sda1 /mnt/disk1 or # ntfsmount /dev/sda1 /mnt/disk1 -o default_permissions
- Navigate to the location of the SAM file, typically located at \windows\system32\config
# cd /mnt/disk1/WINDOWS/System32/Config
- Make a back up of the SAM, security and system files.
# cp SAM SAM.bak && cp security security.bak && cp system system.bak
- Run chntpw in interactive mode with the SAM, system and security file as arguments.
# chntpw -i SAM security system
- You should be presented with an interactive screen where you can list the local users and change or reset their passwords.
NOTE: It is known that changing the user's passwords here are less reliable to work than actually just resetting/blanking their passwords. I would suggest to just blank the passwords if applicable then when you get into windows, change the passwords their. Use an "*" to Blank passwords in the interactive screens in chntpw.
- Remember to save your changes before you exit.
- Reebot computer and login to windows to see if your hack worked (more than likely it did)
# chntpw -h
#chntpw help and usage
chntpw version 0.99.3 040818, (c) Petter N Hagen
chntpw: change password of a user in a NT SAM file, or invoke registry editor.
-h This message
-l list all users in SAM file
-i Interactive. List users (as -l) then ask for username to change
-e Registry editor. Now with full write support!
-d Enter buffer debugger instead (hex editor),
-t Trace. Show hexdump of structs/segments. (deprecated debug function)
-v Be a little more verbose (for debuging)
-L Write names of changed files to /tmp/changed
-N No allocation mode. Only (old style) same length overwrites possible
See readme file on how to extract/read/write the NT's SAM file
if it's on an NTFS partition!
Source/binary freely distributable. See README/COPYING for details
NOTE: This program is somewhat hackish! You are on your own!