Jan
24
2009

Change Windows Password from Ubuntu/Ubuntu Live CD

Most Ubuntu users also have Windows installed on their computer.In such cases you can Reset or Change the passwords of Windows User Accounts from Ubuntu/Ubuntu Live CD using the chntpw tool.

You need to enable Read/Write Access to NTFS partition on which Windows is installed, to use the chntpw tool.

Enabling Read/Write Access

Install NTFS GUI Configuration Tool by running this code in the terminal

sudo apt-get install ntfs-config

Applications-System Tools-NTFS Configuration Tool

Tick the NTFS partition where Windows is installed and give a suitable mount point like xp.
Partions are shown as /dev/sda2 /dev/sda3
If you find this confusing,then tick all of them and assign the mount points as xp,xp1 etc.
Click on Apply.
In the next window Tick Enable Write Support for Internal Device.

screenshot-ntfs-config

Now your windows partitions are mounted as xp,xp1 etc

Places-Computer-Filesystem-Media
You can see your windows partitions mounted here as xp,xp1.
Open each one of them and look for the Windows folder.If the Windows folder is in xp then your Windows is installed in that partition.

Installing chntpw

Execute the following command in terminal

sudo apt-get install chntpw

Changing the Passwords

The windows passwords are stored in the SAM file located Windows/System32/config.
Change the directory to Windows/System32/config by

cd /media/xp/Windows/System32/config

Since the path is case sensitive you may get an error saying No such file or directory.Open the above path in the Nautilus File Manager and make a note of the Uppercase and Lowercase characters.Sometime the Windows folder might be named as windows with a lowercase w or as Windows with an uppercase W.

Once you are in the config folder execute the following commands in terminal

ls

It display the list of files in the Config folder.Make sure a file called SAM is present.

To display the list of users execute the following command at terminal.

chntpw SAM -l

chntpw1

To change the password of the Administrator account execute the following command at terminal.

chntpw SAM

And follow instructions on the screen to reset or change and press the appropriate key.Example press 1 to reset the password.

chntpw2

To change the password or make a specific user the administrator run the following command in terminal

chntpw -u USERNAME SAM

and follow the instructions on the screen.

Thats it.Now restart and boot into  Windows and log into the Administrator Account without any problems.

«

»

19 Comments + Add Comment

  • A computer with a live ubuntu most probably does not have access to the internet (specially a home desktop computer that needs a dial-up setting). How can we then apt-get these packages? Is there any offline method to load the packages from a portable memory the ubuntu live? respond to mfarshada — y — a — h- o o —-c -om

  • Thank you for this article. I was able to use it and it worked great! I had a laptop from work that had no optical drive so my Konboot was useless and this was exactly what I needed. I hope to find many more articles like this!!

    • I am glad that my article was helpful to you.

  • Thanks, I’m gonna try this. BTW, if you apt-get these on a persistent Linux flash drive, you can use it as a portable pass-changer that makes you look more pro than OphCrack.

    • Thanks kyothine, for that info on persistent Linux flash drive.

  • I have personally tested a windows password recovery tool which is named “windows login recovery”. Burn a boot CD with the program, and insert it into the problem computer and your password will be reset to “Blank”, without losing any data and you needn’t reinstall windows OS.
    more info: http://www.windowsloginrecovery.com

    • This tool is not free.You have to pay for it.

  • Nice post. I hope you keep on writing such good stuff

  • HI! You post is quite inspired.
    I also wrote a post about windows password recovery: http://blog.resetwindowspassword.com/how-to-recover-and-reset-password-in-vistaxp20032knt-for-free
    but I didn’t know the way your post mentioned.
    It is great to know it now!

  • this turorial is great! tthe only problem is that I don’t want to DELETE or CHANGE the password I just need to know what it is.
    is there a way to do that?

    Greetz

    • Windows does not store the password itself anywhere so it is not a simple task to just read the password out of a file.

      Almost all cryptological password systems use hashing functions, which take a string (in this case a password) and convert it into a huge number, this number is called the hash of the password.
      The thing that makes these functions special is that it is praticlly impossible to find an inverse for them and because of that fact, if you have a hash of a password you are unable to directly work out
      what the password that generated that hash was. This means you need to guess passwords untill it gives you the right hash.

      Now hash functions arnt perfect of course sometimes they overlap and sometimes they can be partially reversed or other weaknesses. but the point remains
      that you still cannot simply read the password out of a computer.

      if you’d like to know more about cracking password hash’s look at:

      the way windows stores its passwords — http://en.wikipedia.org/wiki/MD5
      and its known weakness to collisions — http://www.google.com.au/#hl=en&safe=off&q=md5+collision+generator&meta=&aq=0&aqi=g1&aql=&oq=md5+collision+ge&gs_rfai=&fp=a0f78b3cad76dfe2

      so you are much better off resetting someones password than finding it. If you need to find someones password and you have physical access
      a keylogger is your best bet.

      Hope this information has helped if you have more qestions please email me at boblemur A-T g-m-ai-l _ co_m

  • I just needed to say that I found your blog via Goolge and I am glad I did. Keep up the good work and I will make sure to bookmark you for when I have more free time away from the books. Thanks again!

  • i’m doing this right now and have followed every step and everything works perfectly until the part where i type in chntpw SAM-l command and it says
    “chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
    openHive(SAM-l) failed: No such file or directory, trying read-only
    openHive(SAM-l) in fallback RO-mode failed: No such file or directory
    closing hive SAM-l
    Unable to open/read a hive, exiting..”
    i am a new ubuntu user and really want to get this to work because i forgot my password to windows and reformatting is not an option. any help is appreciated!

    • The command is

      chntpw SAM -l

      .There is a space between SAM and -l

  • what if you use windows 7? what do i put in place of vistahome? thanks. John

    • I am sorry.I did not understand your question.Can u please elaborate?

  • I am new to this but if I did promote a user to administrator level.. rebooted – logged in as user – logged off and then modified SAM again to the original administrator account.. that should work too right? I’ve read in other posts that ‘chntpw’ messes up a lot.. what do they mean by this?

  • i was looking for this tutorial, thanks a lot!
    I have tried a tool which can recover any Windows password and have success.
    Compare to this:
    http://www.asunsoft.com/how-to/hack-windows-7-xp-vista-password.html

Leave a comment