chntpw is a Linux utility to (re)set the password of any user that has a valid (local) account on Windows NT / 2k / XP / Vista / Win7 by modifying the encrypted password in the registry’s SAM file. You do not need to know the old password to set a new one. It works offline, i.e., you have to shut down your computer and boot from a Linux floppy disk or into Linux on a dual-boot system.
In addition, it contains a simple registry editor (same-size data writes) and a hex editor that lets you fiddle around with bits and bytes in the file as you wish.
* Simple interactive registry edit (command based), including hex edit of value data in unsupported value types.
* Export of registry (or parts of it) to .reg file readable by Windows regedit.exe. No import yet.
* Password reset, password change (partial)
* User unlock
* User promotion (add to administrators group)
* Some syskey reset actions (NT4/2k/XP), but risky.
Open a terminal and type the following command to install chntpw:
sudo apt-get install chntpw
Mount the Windows NTFS or FAT32 partition (replace /dev/sda1 with your actual Windows partition) on the Linux system with read and write access.
mount /dev/sda1 /mnt/c/
Locate the SAM file for Windows 2000, Windows NT or Windows XP, which is normally located in either the \Windows\System32\config or the \Winnt\System32\config folder.
Inside the folder, issue the following command to automatically change the administrator password:
If you see output similar to the image below, it means you can crack the SAM file.
From the menu, press option “1” to automatically change the administrator password:
Issue the following command (replace USERNAME with actual user name on the computer) to change the password for a normal restricted user account:
chntpw -u USERNAME SAM
Tip: To list all the users in the SAM file, use the chntpw -l SAM command.
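The steps above assume the hive sits at a fixed path, but a Linux mount of NTFS is normally case-sensitive and the folders may appear as WINDOWS/system32 or WINNT/System32. As an added example (not part of the original article or of chntpw itself), this script finds the SAM hive under the mount point and makes a verified backup before any edit; the function names and the backup file naming are assumptions made for this example.

```shell
#!/bin/sh
# Added example: locate the SAM hive under a mounted Windows volume and back
# it up before editing. find_sam/backup_sam and the .bak.<timestamp> naming
# are assumptions for this example, not part of chntpw.

# Print the path of the SAM hive under mount point $1; return 1 if none found.
# Matching is case-insensitive because on-disk names vary
# (WINDOWS/system32/config/SAM, WINNT/System32/config/SAM, ...).
find_sam() {
    mnt=${1%/}
    for root in windows winnt; do
        hit=$(find "$mnt" -maxdepth 4 -type f \
              -ipath "$mnt/$root/system32/config/SAM" 2>/dev/null | head -n 1)
        if [ -n "$hit" ]; then
            printf '%s\n' "$hit"
            return 0
        fi
    done
    return 1
}

# Copy the hive to a timestamped file beside it and confirm the copy is
# byte-identical, so the original can be restored if an edit goes wrong.
backup_sam() {
    src=$1
    bak="$src.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$src" "$bak" || return 1
    cmp -s "$src" "$bak" || return 1
    printf '%s\n' "$bak"
}

# When run with a mount point (e.g. sh sam-backup.sh /mnt/c): find the hive,
# back it up, then list its users with the chntpw -l command from the tip above.
if [ "$#" -ge 1 ]; then
    sam=$(find_sam "$1") || { echo "no SAM hive found under $1" >&2; exit 1; }
    bak=$(backup_sam "$sam") || { echo "backup of $sam failed" >&2; exit 1; }
    echo "hive:   $sam"
    echo "backup: $bak"
    chntpw -l "$sam"
fi
```

To undo an edit, copy the backup file back over the SAM file while the Windows partition is still mounted.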