Installing chntpw is simple: a single yum install -y chntpw takes care of it!
- [root@Derek derek]# rpm -ql chntpw
- /usr/bin/chntpw
- /usr/bin/cpnt
- /usr/bin/reged
- /usr/share/doc/chntpw-0.99.6
- /usr/share/doc/chntpw-0.99.6/GPL.txt
- /usr/share/doc/chntpw-0.99.6/HISTORY.txt
- /usr/share/doc/chntpw-0.99.6/LGPL.txt
- /usr/share/doc/chntpw-0.99.6/README.Dist
- /usr/share/doc/chntpw-0.99.6/README.txt
- /usr/share/doc/chntpw-0.99.6/WinReg.txt
- /usr/share/doc/chntpw-0.99.6/regedit.txt
- /usr/share/man/man8/chntpw.8.gz
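That is everything the RPM package contains. Enough talk, let's get straight to cracking! First, we need a Windows NTFS partition ^_^
The first step is to mount that NTFS partition. If you are using a Live CD with a desktop environment, such as Fedora or Ubuntu, just open Nautilus and click the partition, and it should be mounted automatically. Otherwise, mount it by hand ^_^
I mounted it at /media/Windows, which leads to the following steps: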
- [root@Derek ~]# cd /media/Windows/Windows/System32/config/
- [root@Derek config]# chntpw -l SAM
- chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
- Hive name (from header): <\SystemRoot\System32\Config\SAM>
- ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
- Page at 0x6000 is not 'hbin', assuming file contains garbage at end
- File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
- Used for data: 245/18648 blocks/bytes, unused: 6/1672 blocks/bytes.
-
-
- * SAM policy limits:
- Failed logins before lockout is: 0
- Minimum password length : 0
- Password history count : 0
- | RID -|---------- Username ------------| Admin? |- Lock? --|
- | 01f4 | Administrator | ADMIN | dis/lock |
- | 03e8 | Derek | ADMIN | |
- | 01f5 | Guest | | dis/lock |
- [root@Derek config]# chntpw -u Derek SAM
- chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
- Hive name (from header): <\SystemRoot\System32\Config\SAM>
- ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
- Page at 0x6000 is not 'hbin', assuming file contains garbage at end
- File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
- Used for data: 245/18648 blocks/bytes, unused: 6/1672 blocks/bytes.
-
-
- * SAM policy limits:
- Failed logins before lockout is: 0
- Minimum password length : 0
- Password history count : 0
- | RID -|---------- Username ------------| Admin? |- Lock? --|
- | 01f4 | Administrator | ADMIN | dis/lock |
- | 03e8 | Derek | ADMIN | |
- | 01f5 | Guest | | dis/lock |
-
- ---------------------> SYSKEY CHECK <-----------------------
- SYSTEM SecureBoot : -1 -> Not Set (not installed, good!)
- SAM Account\F : 0 -> off
- SECURITY PolSecretEncryptionKey: -1 -> Not Set (OK if this is NT4)
- Syskey not installed!
-
- RID : 1000 [03e8]
- Username: Derek
- fullname:
- comment :
- homedir :
-
- User is member of 1 groups:
- 00000220 = Administrators (which has 2 members)
-
- Account bits: 0x0214 =
- [ ] Disabled | [ ] Homedir req. | [X] Passwd not req. |
- [ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
- [ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
- [X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |
- [ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |
-
- Failed login count: 0, while max tries is: 0
- Total login count: 7
-
- - - - - User Edit Menu:
- 1 - Clear (blank) user password
- 2 - Edit (set new) user password (careful with this on XP or Vista)
- 3 - Promote user (make user an administrator)
- (4 - Unlock and enable user account) [seems unlocked already]
- q - Quit editing user, back to user select
- Select: [q] > 1
-
- Hives that have changed:
- # Name
- 0
- Write hive files? (y/n) [n] : y
- 0 - OK
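And so, sadly, the password of the Windows user Derek has been cleared, even though it is my own hard disk... Now I understand why physical security absolutely has to be strengthened o(∩∩)o... haha
The command chntpw -l SAM lists the user names stored in the current SAM, which is how I picked Derek.
chntpw -u Derek SAM then does the small stuff, such as Clear and so on :-) Note that if you do not add Derek, the account modified by default is Administrator o(∩∩)o... haha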
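As an added example (not part of the original post), this Python script parses the chntpw -l user table and decodes the "Account bits" value from the output above, so that an offline copy of a SAM hive can be audited for enabled administrator accounts that do not require a password. The listing is reconstructed from the output above; the function names are assumptions of this example, and the flag names are the labels chntpw prints.

```python
import re

# Account-control bits, named with the labels chntpw prints under "Account bits".
ACB_FLAGS = {
    0x0001: "Disabled", 0x0002: "Homedir req.", 0x0004: "Passwd not req.",
    0x0008: "Temp. duplicate", 0x0010: "Normal account", 0x0020: "NMS account",
    0x0040: "Domain trust ac", 0x0080: "Wks trust act.", 0x0100: "Srv trust act",
    0x0200: "Pwd don't expir", 0x0400: "Auto lockout",
}

# User table reconstructed from the chntpw -l output shown above.
SAMPLE_LISTING = """\
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03e8 | Derek                          | ADMIN  |          |
| 01f5 | Guest                          |        | dis/lock |
"""

def parse_user_table(text):
    """Return one dict per data row of the chntpw -l user table."""
    users = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        # Data rows start with a 4-digit hex RID; the header row does not.
        if len(cells) >= 5 and re.fullmatch(r"[0-9a-f]{4}", cells[1]):
            users.append({"rid": int(cells[1], 16), "name": cells[2],
                          "admin": cells[3] == "ADMIN",
                          "locked": cells[4] == "dis/lock"})
    return users

def decode_acb(bits):
    """Translate an 'Account bits' value such as 0x0214 into flag names."""
    return [name for mask, name in sorted(ACB_FLAGS.items()) if bits & mask]

def exposed_admins(users, acb_by_rid):
    """Enabled administrators whose flags allow an empty password."""
    findings = []
    for user in users:
        flags = decode_acb(acb_by_rid.get(user["rid"], 0))
        if user["admin"] and not user["locked"] and "Passwd not req." in flags:
            findings.append((user["name"], flags))
    return findings

if __name__ == "__main__":
    users = parse_user_table(SAMPLE_LISTING)
    # 0x0214 is the "Account bits" value chntpw reported for RID 03e8 above.
    for name, flags in exposed_admins(users, {0x03E8: 0x0214}):
        print(f"{name}: enabled administrator, flags: {', '.join(flags)}")
```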
Tips:
1. Have a look at the bundled documentation o(∩∩)o...
/usr/share/doc/chntpw-0.99.6/GPL.txt
/usr/share/doc/chntpw-0.99.6/HISTORY.txt
/usr/share/doc/chntpw-0.99.6/LGPL.txt
/usr/share/doc/chntpw-0.99.6/README.Dist
/usr/share/doc/chntpw-0.99.6/README.txt
/usr/share/doc/chntpw-0.99.6/WinReg.txt
/usr/share/doc/chntpw-0.99.6/regedit.txt