百般无赖,于是开始搜索Fedora的仓库。于是就发现了这么个东东,破解Windows登录密码的chntpw。于是我觉得晚上回家有事做了o(∩∩)o...哈哈
安装chntpw很简单的咯,一个yum install -y chntpw就搞掂了!
- [root@Derek derek]# rpm -ql chntpw
-
/usr/bin/chntpw
-
/usr/bin/cpnt
-
/usr/bin/reged
-
/usr/share/doc/chntpw-0.99.6
-
/usr/share/doc/chntpw-0.99.6/GPL.txt
-
/usr/share/doc/chntpw-0.99.6/HISTORY.txt
-
/usr/share/doc/chntpw-0.99.6/LGPL.txt
-
/usr/share/doc/chntpw-0.99.6/README.Dist
-
/usr/share/doc/chntpw-0.99.6/README.txt
-
/usr/share/doc/chntpw-0.99.6/WinReg.txt
-
/usr/share/doc/chntpw-0.99.6/regedit.txt
-
/usr/share/man/man8/chntpw.8.gz
首先就是挂载这个NTFS的分区了,如果是用的Live-CD,比如说Fedora/Ubuntu这种的,有桌面环境的,那直接打开鹦鹉螺,然后点开就应该能自动挂载了!如果是别的话,手动挂载吧^_^
我是挂载在/media/Windows,于是有了以下的步骤:
- [root@Derek ~]# cd /media/Windows/Windows/System32/config/
-
[root@Derek config]# chntpw -l SAM
-
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
-
Hive name (from header): <\SystemRoot\System32\Config\SAM>
-
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
-
Page at 0x6000 is not 'hbin', assuming file contains garbage at end
-
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
-
Used for data: 245/18648 blocks/bytes, unused: 6/1672 blocks/bytes.
-
-
-
* SAM policy limits:
-
Failed logins before lockout is: 0
-
Minimum password length : 0
-
Password history count : 0
-
| RID -|---------- Username ------------| Admin? |- Lock? --|
-
| 01f4 | Administrator | ADMIN | dis/lock |
-
| 03e8 | Derek | ADMIN | |
-
| 01f5 | Guest | | dis/lock |
-
[root@Derek config]# chntpw -u Derek SAM
-
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
-
Hive name (from header): <\SystemRoot\System32\Config\SAM>
-
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
-
Page at 0x6000 is not 'hbin', assuming file contains garbage at end
-
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
-
Used for data: 245/18648 blocks/bytes, unused: 6/1672 blocks/bytes.
-
-
-
* SAM policy limits:
-
Failed logins before lockout is: 0
-
Minimum password length : 0
-
Password history count : 0
-
| RID -|---------- Username ------------| Admin? |- Lock? --|
-
| 01f4 | Administrator | ADMIN | dis/lock |
-
| 03e8 | Derek | ADMIN | |
-
| 01f5 | Guest | | dis/lock |
-
-
---------------------> SYSKEY CHECK <-----------------------
-
SYSTEM SecureBoot : -1 -> Not Set (not installed, good!)
-
SAM Account\F : 0 -> off
-
SECURITY PolSecretEncryptionKey: -1 -> Not Set (OK if this is NT4)
-
Syskey not installed!
-
-
RID : 1000 [03e8]
-
Username: Derek
-
fullname:
-
comment :
-
homedir :
-
-
User is member of 1 groups:
-
00000220 = Administrators (which has 2 members)
-
-
Account bits: 0x0214 =
-
[ ] Disabled | [ ] Homedir req. | [X] Passwd not req. |
-
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
-
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
-
[X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |
-
[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |
-
-
Failed login count: 0, while max tries is: 0
-
Total login count: 7
-
-
- - - - User Edit Menu:
-
1 - Clear (blank) user password
-
2 - Edit (set new) user password (careful with this on XP or Vista)
-
3 - Promote user (make user an administrator)
-
(4 - Unlock and enable user account) [seems unlocked already]
-
q - Quit editing user, back to user select
-
Select: [q] > 1
-
-
Hives that have changed:
-
# Name
-
0
-
Write hive files? (y/n) [n] : y
-
0 - OK
chntpw -l SAM这个命令会列出当前的SAM保存的用户名,于是挑到了Derek。
chntpw -u Derek SAM则是会做点小东西,比如说Clear神马的,:-)注意的是,如果不加Derek,默认修改的是Administratoro(∩∩)o...哈哈
Tips:
1. 看看自带的文档吧o(∩∩)o...
/usr/share/doc/chntpw-0.99.6/GPL.txt
/usr/share/doc/chntpw-0.99.6/HISTORY.txt
/usr/share/doc/chntpw-0.99.6/LGPL.txt
/usr/share/doc/chntpw-0.99.6/README.Dist
/usr/share/doc/chntpw-0.99.6/README.txt
/usr/share/doc/chntpw-0.99.6/WinReg.txt
/usr/share/doc/chntpw-0.99.6/regedit.txt
阅读(6023) | 评论(1) | 转发(0) |
