Reset Password Windows
#1
Here I am using BackTrack 5. Open chntpw and enter the following command:

Code:
chntpw -i /drive/C/Windows/System32/config/SAM

Oh, and you have to add "./" (without the quotation marks), and don't forget to press Enter.

The drive path depends on where we mounted it.

Then a prompt will appear:
Quote: "What to do? ->" type 1 and press Enter

Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)

or simply enter the username to change: [Administrator] n3f21t (the name of the user account to be edited)

Then at the User Edit Menu: (this is where we edit the user we selected earlier)

Select: > 2

New Password:___ (in this field we are asked to enter the password)

When that is done, just quit and save.

Reboot, boot from the Windows drive, and log in with the password we just set.



For example, this is what I copied and pasted from the terminal:

Code:
root@bt:/pentest/passwords/chntpw# ./chntpw -i /media/C_sys/Windows/System32/config/SAM

chntpw version 0.99.6 100627 (vacation), © Petter N Hagen

Hive </media/C_sys/Windows/System32/config/SAM> name (from header):

<\SystemRoot\System32\Config\SAM>

ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>

Page at 0xf000 is not 'hbin', assuming file contains garbage at end

File size 262144 [40000] bytes, containing 6 pages (+ 1 headerpage)

Used for data: 247/52224 blocks/bytes, unused: 8/4928 blocks/bytes.

* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length : 0
Password history count : 0


<>========<> chntpw Main Interactive Menu <>========<>

Loaded hives: </media/C_sys/Windows/System32/config/SAM>


1 - Edit user data and passwords

- - -

9 - Registry editor, now with full write support!

q - Quit (you will be asked if there is something to save)

What to do? [1] -> 1

===== chntpw Edit User Info & Passwords ====

| RID -|---------- Username ------------| Admin? |- Lock? --|

| 01f4 | Administrator | ADMIN | dis/lock |

| 01f5 | Guest | | dis/lock |

| 03e8 | n3f21t | ADMIN | |

Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)

or simply enter the username to change: [Administrator] nf21t

Cannot find value <\SAM\Domains\Account\Users\Names\nf21t\@>

Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)

or simply enter the username to change: [Administrator] n3f21t

RID : 1000 [03e8]

Username: n3f21t

fullname:

comment :

homedir :

User is member of 1 groups:

00000220 = Administrators (which has 2 members)

Account bits: 0x0214 =

[ ] Disabled | [ ] Homedir req. | [X] Passwd not req. |

[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |

[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |

[X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |

[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |

Failed login count: 0, while max tries is: 0

Total login count: 65

- - - - User Edit Menu:

1 - Clear (blank) user password

2 - Edit (set new) user password (careful with this on XP or Vista)

3 - Promote user (make user an administrator)

(4 - Unlock and enable user account) [seems unlocked already]

q - Quit editing user, back to user select

Select: [q] > 2

New Password: ,.,

Password changed!

Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)

or simply enter the username to change: [Administrator] n3f21t

RID : 1000 [03e8]

Username: n3f21t

fullname:

comment :

homedir :

User is member of 1 groups:

00000220 = Administrators (which has 2 members)

Account bits: 0x0214 =

[ ] Disabled | [ ] Homedir req. | [X] Passwd not req. |

[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |

[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |

[X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |

[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |


Failed login count: 0, while max tries is: 0

Total login count: 65

- - - - User Edit Menu:

1 - Clear (blank) user password

2 - Edit (set new) user password (careful with this on XP or Vista)

3 - Promote user (make user an administrator)

(4 - Unlock and enable user account) [seems unlocked already]

q - Quit editing user, back to user select

Select: [q] > q


Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator] q
Cannot find value <\SAM\Domains\Account\Users\Names\q\@>
Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator] !


<>========<> chntpw Main Interactive Menu <>========<>


Loaded hives: </media/C_sys/Windows/System32/config/SAM>


1 - Edit user data and passwords

- - -

9 - Registry editor, now with full write support!

q - Quit (you will be asked if there is something to save)

What to do? [1] -> q

Hives that have changed:
# Name

0 </media/C_sys/Windows/System32/config/SAM>

Write hive files? (y/n) [n] : y

0 </media/C_sys/Windows/System32/config/SAM> - OK

Note:
I've tidied this up, bro
Konspirasi
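
An added example, not part of the original post or of chntpw: a small parser for the listing in the transcript above that decodes the `Account bits` value and reports enabled administrator accounts carrying the `Passwd not req.` or `Pwd don't expir` flags. The bit values are an assumption read off the order of the grid in the transcript (0x0214 decodes to exactly the three boxes marked [X]); the sample text and function names are constructed for this illustration.

```python
import re

# Flag order follows chntpw's "Account bits" grid in the transcript; the bit
# values are an assumption checked against 0x0214 and its three [X] boxes.
ACB_FLAGS = [
    (0x0001, "Disabled"), (0x0002, "Homedir req."), (0x0004, "Passwd not req."),
    (0x0008, "Temp. duplicate"), (0x0010, "Normal account"), (0x0020, "NMS account"),
    (0x0040, "Domain trust ac"), (0x0080, "Wks trust act."), (0x0100, "Srv trust act"),
    (0x0200, "Pwd don't expir"), (0x0400, "Auto lockout"),
]
RISKY = ("Passwd not req.", "Pwd don't expir")  # flags worth reviewing on admins

# Constructed sample, trimmed from the transcript above.
SAMPLE = """\
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 01f5 | Guest                          |        | dis/lock |
| 03e8 | n3f21t                         | ADMIN  |          |
RID     : 1000 [03e8]
Username: n3f21t
Account bits: 0x0214 =
"""

ROW = re.compile(r"^\| *([0-9a-f]{4}) *\| *(.*?) *\| *(ADMIN)? *\| *(.*?) *\| *$", re.M)
DETAIL = re.compile(r"^Username:\s*(\S+).*?^Account bits:\s*0x([0-9a-fA-F]+)", re.M | re.S)

def decode_acb(bits):
    """Return the names of the flags set in an 'Account bits' value."""
    return [name for mask, name in ACB_FLAGS if bits & mask]

def parse_users(text):
    """Build {username: record} from the user table and any detail blocks."""
    users = {}
    for rid, name, admin, lock in ROW.findall(text):
        users[name] = {"rid": int(rid, 16), "admin": bool(admin),
                       "locked": lock == "dis/lock", "flags": []}
    for name, bits in DETAIL.findall(text):
        rec = users.setdefault(name, {"rid": None, "admin": False, "locked": False})
        rec["flags"] = decode_acb(int(bits, 16))
    return users

def findings(users):
    """List (username, flag) for enabled admin accounts with a risky flag."""
    return [(name, flag) for name, u in users.items()
            if u["admin"] and not u["locked"]
            for flag in u["flags"] if flag in RISKY]

if __name__ == "__main__":
    for name, flag in findings(parse_users(SAMPLE)):
        print(f"{name}: enabled administrator with '{flag}' set")
```
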

#2
Awesome!
Goat hacking :P
The white ones, the ones who should act and be talented!
Linuxtivist blog

#3
Can this be used over a network?

#4
(10-07-2011, 08:00 PM)junior.riau18 Wrote: Can this be used over a network?

Hmm, logically it should be possible...
by going into that network directory.
But what I still don't know is whether the network / LAN can be detected in BackTrack, because I have never tried it.

So we go into the directory and then adjust the commands above.

#5
Nice Share!
I'll study it first, bro...
root@nosetrave:~# ./plagiat.sh
English motherfucker, do you speak it ?
root@nosetrave:~#


#6
(10-07-2011, 08:00 PM)junior.riau18 Wrote: Can this be used over a network?

As long as it can connect and can read the files in the windows/system32/config/ folder, it should work, bro.

But I use this method with a BackTrack live USB or live DVD to reset the Windows password on machines that were hit by a virus or whose user forgot it, so it has to be done directly on the PC/laptop.

#7
Hmmm, what's going wrong on my end...

Spoiler! :
Code:
deprito@WindwetaAyu:~$ sudo chntpw
[sudo] password for deprito:
sudo: chntpw: command not found
deprito@WindwetaAyu:~$ chntpw
The program 'chntpw' is currently not installed.  You can install it by typing:
sudo apt-get install chntpw
deprito@WindwetaAyu:~$ sudo apt-get install chntpw
Reading package lists... Done
Building dependency tree      
Reading state information... Done
chntpw is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
deprito@WindwetaAyu:~$


#8
The file is located in /pentest/passwords/chntpw, bro; then just run ./chntpw

#9
(10-07-2011, 09:43 PM)konspirasi Wrote: The file is located in /pentest/passwords/chntpw, bro; then just run ./chntpw


Got it! It worked, bro!

#10
antonio and konspirasi are in sync :D





