Results 1 to 9 of 9

Thread: Reset your Windows password, edit the Windows Registry from Ubuntu

  1. #1
    Join Date
    May 2008
    Location
    Kyiv, Ukraine
    Beans
    3
    Distro
    Ubuntu 10.04 Lucid Lynx

    Lightbulb Reset your Windows password, edit the Windows Registry from Ubuntu

    THE MAIN GOAL OF THIS TOPIC IS TO SHOW AN ABILITY OF WINDOWS REGISTRY EDITING BUT NOT PASSWORD RESETTING ONLY. IT WAS CREATED AFTER READING OF THE FOLLOWING AT THE FORUM, WHERE THE QUESTIONS STILL WITHOUT ANSWERS INFACT:

    http://ubuntuforums.org/showthread.php?t=1046931
    http://ubuntuforums.org/showthread.php?t=624943
    http://ubuntuforums.org/showthread.php?t=955950
    http://ubuntuforums.org/showthread.php?t=678747

    In connection with the Windows viruses and impossibility to start regedit or Windows in whole, sometimes Windows users need to edit the registry from outside. I've found, so far, the only utility in Linux chntpw, which was originally designed to reset passwords, and then acquired the registry editing ability.

    Editing the registry:

    1. Boot from a LiveCD or install a second system Ubuntu.

    2. Install chntpw utility:

    Code:
    sudo apt-get install chntpw
    3. Mount Windows partition:

    Find the Windows partition:

    Code:
    $ sudo fdisk -l
    Assume it is on /dev/sda2. Next step is mounting of the partiotion:

    Code:
    $ sudo mkdir /media/windows 
    $ sudo mount /dev/sda2 /media/windows
    4. Registry editing

    Code:
    $ chntpw -l /media/windows/Windows/system32/config/software
    Move to registry branch you need, for example:

    Code:
    $ cd Microsoft\Windows NT\CurrentVersion\Winlogon
    and edit a key, for example:

    Code:
    $ ed Shell
    Password resetting:

    1. See 1-3 of the previous section

    4. Find the user whose password will be changed

    Code:
    $ chntpw -l /media/windows/Windows/system32/config/SAM
    5. Password resetting

    Code:
    $ chntpw /media/windows/Windows/system32/config/SAM -u Administrator
    Just cite the places in the registry where they can hide a record of running viruses:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    The default values in Regedit:
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Shell" = "Explorer.exe"
    "Userinit" = "C:\WINDOWS\system32\userinit.exe"

    Check Explorer.exe file for double presence ... the right place for the file is Windows\ but not Windows\System32\ ...

    This post was written to open the theme to combat viruses and sms-extortionists.
    Last edited by melnichuk; August 1st, 2010 at 12:25 PM.

  2. #2
    Join Date
    Aug 2010
    Beans
    1

    Re: Reset your Windows password, edit the Windows Registry from Ubuntu

    I use Windows Password Key 8.0 to reset the lost password before,i think it is also OK.

  3. #3
    Join Date
    Feb 2011
    Beans
    1

    Re: Reset your Windows password, edit the Windows Registry from Ubuntu

    update:
    to edit registry, use -e key:
    HTML Code:
    $ chntpw -e /media/windows/Windows/system32/config/software
    chntpw for x64 in Ubuntu repositories doesn't work. Use version from Debian reps: http://packages.debian.org/sid/amd64/chntpw/download

  4. #4
    Join Date
    Jul 2011
    Beans
    5

    Re: Reset your Windows password, edit the Windows Registry from Ubuntu

    lovlely but win7 password is not clearing.it detects and says OK but when i log on windows it again says to give a password
    Last edited by crucafix18; August 17th, 2011 at 03:30 AM.

  5. #5
    Join Date
    Dec 2011
    Beans
    1

    Question Re: Reset your Windows password, edit the Windows Registry from Ubuntu

    Hmmm... there's no software folder in my config folder.

    So on the step where you type chntpw -l /media/windows/Windows/system32/config/software, it says:

    owner@Owner:~$ chntpw -l /media/windows/Windows/system32/config/software
    chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
    openHive(/media/windows/Windows/system32/config/software) failed: No such file or directory, trying read-only
    openHive(/media/windows/Windows/system32/config/software) in fallback RO-mode failed: No such file or directory
    closing hive /media/windows/Windows/system32/config/software
    Unable to open/read a hive, exiting..

    Am I doing something wrong? I'm using this to attempt to edit the Windows registry to delete specific registry keys to remove a virus. I would stick with Ubuntu and just use it but the problem is Windows CD's don't work on Linux. :/

    By "assume it's on sda2" on the mounting step, do you mean it is usually on sda2 by default? Because I checked the system monitor and it led me to believe that my Windows partition is on sda3....
    Last edited by Ibuntufixmypc; January 2nd, 2012 at 11:23 PM.

  6. #6
    Join Date
    Jun 2011
    Location
    United Kingdom
    Beans
    Hidden!
    Distro
    Lubuntu Development Release

    Re: Reset your Windows password, edit the Windows Registry from Ubuntu

    Quote Originally Posted by Ibuntufixmypc View Post
    Hmmm... there's no software folder in my config folder.

    So on the step where you type chntpw -l /media/windows/Windows/system32/config/software, it says:

    owner@Owner:~$ chntpw -l /media/windows/Windows/system32/config/software
    chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
    openHive(/media/windows/Windows/system32/config/software) failed: No such file or directory, trying read-only
    openHive(/media/windows/Windows/system32/config/software) in fallback RO-mode failed: No such file or directory
    closing hive /media/windows/Windows/system32/config/software
    Unable to open/read a hive, exiting..

    Am I doing something wrong? I'm using this to attempt to edit the Windows registry to delete specific registry keys to remove a virus. I would stick with Ubuntu and just use it but the problem is Windows CD's don't work on Linux. :/

    By "assume it's on sda2" on the mounting step, do you mean it is usually on sda2 by default? Because I checked the system monitor and it led me to believe that my Windows partition is on sda3....

    I have no clue about the piece of software you're using, but I think if Windows is on /dev/sda3, then use /dev/sda3. I think the OP meant /dev/sda2 is normal.

  7. #7
    Join Date
    Jan 2012
    Beans
    1

    Re: Reset your Windows password, edit the Windows Registry from Ubuntu

    Quote Originally Posted by Ibuntufixmypc View Post
    Hmmm... there's no software folder in my config folder.

    So on the step where you type chntpw -l /media/windows/Windows/system32/config/software, it says:

    owner@Owner:~$ chntpw -l /media/windows/Windows/system32/config/software
    chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
    openHive(/media/windows/Windows/system32/config/software) failed: No such file or directory, trying read-only
    openHive(/media/windows/Windows/system32/config/software) in fallback RO-mode failed: No such file or directory
    closing hive /media/windows/Windows/system32/config/software
    Unable to open/read a hive, exiting..

    Am I doing something wrong? I'm using this to attempt to edit the Windows registry to delete specific registry keys to remove a virus. I would stick with Ubuntu and just use it but the problem is Windows CD's don't work on Linux. :/

    By "assume it's on sda2" on the mounting step, do you mean it is usually on sda2 by default? Because I checked the system monitor and it led me to believe that my Windows partition is on sda3....

    be careful to use capital or lowercase letters in windows 7 folder is media/windows/Windows/System32/config/SOFTWARE
    Last edited by gato_negro87; January 5th, 2012 at 12:20 AM.

  8. #8
    Join Date
    Oct 2007
    Location
    USA Chicago IL
    Beans
    62
    Distro
    Ubuntu 13.10 Saucy Salamander

    Re: Reset your Windows password, edit the Windows Registry from Ubuntu

    Re: Password Resetting

    Hi, My Dell Desktop is not allowing me to boot from CD Rom or USB so I removed the Hard Drive and plugged it into my laptop.

    Now, here is my question;

    Can I erase/clear Wind0z XP password using this method meaning my hard drive being external?

    I have Ubuntu 11.10 installed on my laptop and I've tried resetting the password but when I plug in the Hard Drive back on the Dell Desktop it doesn't work.

    I've tried resetting/erasing the password using chntpw -u <username> SAM but its not working.
    Problems cannot be solved by the same level of thinking that created them. "A. Einstein"

  9. #9
    Join Date
    Dec 2012
    Beans
    1

    Re: Reset your Windows password, edit the Windows Registry from Ubuntu

    thanks man.....

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •