Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1422298
  • 博文数量: 254
  • 博客积分: 4173
  • 博客等级: 中校
  • 技术积分: 3400
  • 用 户 组: 普通用户
  • 注册时间: 2011-03-03 21:24
个人简介

不为失败找借口,只为成功找方法!

文章分类

全部博文(254)

文章存档

2021年(3)

2020年(1)

2019年(2)

2017年(10)

2016年(6)

2015年(19)

2014年(24)

2013年(19)

2012年(52)

2011年(118)

分类: LINUX

2011-03-13 20:02:56

 安装chntpw很简单的咯,一个yum install -y chntpw就搞掂了!
  1. [root@Derek derek]# rpm -ql chntpw
  2. /usr/bin/chntpw
  3. /usr/bin/cpnt
  4. /usr/bin/reged
  5. /usr/share/doc/chntpw-0.99.6
  6. /usr/share/doc/chntpw-0.99.6/GPL.txt
  7. /usr/share/doc/chntpw-0.99.6/HISTORY.txt
  8. /usr/share/doc/chntpw-0.99.6/LGPL.txt
  9. /usr/share/doc/chntpw-0.99.6/README.Dist
  10. /usr/share/doc/chntpw-0.99.6/README.txt
  11. /usr/share/doc/chntpw-0.99.6/WinReg.txt
  12. /usr/share/doc/chntpw-0.99.6/regedit.txt
  13. /usr/share/man/man8/chntpw.8.gz
    看了一下RPM包里面就包含这么些东西,废话不多说了,直接开始破好了!首先我们就需要一个Windows的NTFS分区^_^
    首先就是挂载这个NTFS的分区了,如果是用的Live-CD,比如说Fedora/Ubuntu这种的,有桌面环境的,那直接打开鹦鹉螺,然后点开就应该能自动挂载了!如果是别的话,手动挂载吧^_^
    我是挂载在/media/Windows,于是有了以下的步骤:
  1. [root@Derek ~]# cd /media/Windows/Windows/System32/config/
  2. [root@Derek config]# chntpw -l SAM
  3. chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
  4. Hive name (from header): <\SystemRoot\System32\Config\SAM>
  5. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
  6. Page at 0x6000 is not 'hbin', assuming file contains garbage at end
  7. File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
  8. Used for data: 245/18648 blocks/bytes, unused: 6/1672 blocks/bytes.
  9. * SAM policy limits:
  10. Failed logins before lockout is: 0
  11. Minimum password length : 0
  12. Password history count : 0
  13. | RID -|---------- Username ------------| Admin? |- Lock? --|
  14. | 01f4 | Administrator | ADMIN | dis/lock |
  15. | 03e8 | Derek | ADMIN | |
  16. | 01f5 | Guest | | dis/lock |
  17. [root@Derek config]# chntpw -u Derek SAM
  18. chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
  19. Hive name (from header): <\SystemRoot\System32\Config\SAM>
  20. ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
  21. Page at 0x6000 is not 'hbin', assuming file contains garbage at end
  22. File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
  23. Used for data: 245/18648 blocks/bytes, unused: 6/1672 blocks/bytes.
  24. * SAM policy limits:
  25. Failed logins before lockout is: 0
  26. Minimum password length : 0
  27. Password history count : 0
  28. | RID -|---------- Username ------------| Admin? |- Lock? --|
  29. | 01f4 | Administrator | ADMIN | dis/lock |
  30. | 03e8 | Derek | ADMIN | |
  31. | 01f5 | Guest | | dis/lock |
  32. ---------------------> SYSKEY CHECK <-----------------------
  33. SYSTEM SecureBoot : -1 -> Not Set (not installed, good!)
  34. SAM Account\F : 0 -> off
  35. SECURITY PolSecretEncryptionKey: -1 -> Not Set (OK if this is NT4)
  36. Syskey not installed!
  37. RID : 1000 [03e8]
  38. Username: Derek
  39. fullname:
  40. comment :
  41. homedir :
  42. User is member of 1 groups:
  43. 00000220 = Administrators (which has 2 members)
  44. Account bits: 0x0214 =
  45. [ ] Disabled | [ ] Homedir req. | [X] Passwd not req. |
  46. [ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
  47. [ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
  48. [X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |
  49. [ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |
  50. Failed login count: 0, while max tries is: 0
  51. Total login count: 7
  52. - - - - User Edit Menu:
  53. 1 - Clear (blank) user password
  54. 2 - Edit (set new) user password (careful with this on XP or Vista)
  55. 3 - Promote user (make user an administrator)
  56. (4 - Unlock and enable user account) [seems unlocked already]
  57. q - Quit editing user, back to user select
  58. Select: [q] > 1
  59. Hives that have changed:
  60. # Name
  61. 0
  62. Write hive files? (y/n) [n] : y
  63. 0 - OK
    于是很悲慛的Windows的Derek的密码被Clear掉了,虽然也是我的硬盘。。。现在我才懂得为什么物理防御是绝对需要加强的o(∩∩)o...哈哈
    chntpw -l SAM这个命令会列出当前的SAM保存的用户名,于是挑到了Derek。
    chntpw -u Derek SAM则是会做点小东西,比如说Clear神马的,:-)注意的是,如果不加Derek,默认修改的是Administratoro(∩∩)o...哈哈

Tips:
1. 看看自带的文档吧o(∩∩)o...
/usr/share/doc/chntpw-0.99.6/GPL.txt
/usr/share/doc/chntpw-0.99.6/HISTORY.txt
/usr/share/doc/chntpw-0.99.6/LGPL.txt
/usr/share/doc/chntpw-0.99.6/README.Dist
/usr/share/doc/chntpw-0.99.6/README.txt
/usr/share/doc/chntpw-0.99.6/WinReg.txt
/usr/share/doc/chntpw-0.99.6/regedit.txt
阅读(992) | 评论(0) | 转发(0) |
0

上一篇:linux 操作命令

下一篇:心灵的鸡汤

给主人留下些什么吧!~~