Chntpw = Goodbye SAM & SYSTEM :(
Hey guys, long story short....
I was running BT5 on a live CD on one of my computers. I was experimenting with 'chntpw'. Whenever I would try to run 'chntpw' it would say
Code:
The program 'chntpw' is currently not installed. You can install it by typing: apt-get install chntpw
You will have to enable the component called 'universe'
On running
Code:
apt-get install chntpw
it says
Code:
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded
when I move to
Code:
/pentest/passwords/chntpw
and run
I can run 'chntpw', weird (any ideas for the future on how I can get this program running without actually being in its directory?)
--------
So I mount my Windows drive in a temp folder and navigate to
Code:
Windows/System32/Config
Failing to run 'chntpw', I unfortunately came up with this genius idea to mv the SAM/SYSTEM file to the 'chntpw' directory.
From here I can run ./chntpw. I moved the files back and rebooted.
On a second computer I run the exact same steps as above except FORGET TO MOVE THE SAM/SYSTEM FILES BACK.
I rebooted and now Windows can't find the SAM/SYSTEM file so is locking me out.
Is there a way to recover a backup version of SAM/SYSTEM?
What's the best way to recover my files (I can see them using a live cd of BT)?
---------------
Lesson to be learnt. Don't be an idiot and practice in a VM :(
Thanks guys
Pete
Re: Chntpw = Goodbye SAM & SYSTEM :(
Quote:
Is there a way to recover a backup version of SAM/SYSTEM?
Here's a way to recover registry hives from the recovery point folders using the recovery console:
http://www.myfixes.com/articles/system
You can recover SYSTEM / SAM / SECURITY / SOFTWARE and DEFAULT
This will only work though if you have recovery points available.
Re: Chntpw = Goodbye SAM & SYSTEM :(
LiveCD uses RAM for storage, if I'm correct, so that means the SAM you moved was deleted when you rebooted. Maybe you can try a Windows recovery disk.
If you want to start chntpw from anywhere within the terminal, add the tool to /usr/bin like so:
Code:
ln /pentest/passwords/chntpw/chntpw /usr/bin/
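The failure in this thread (hives moved off the Windows partition into the live CD's RAM-backed filesystem and lost on reboot) is avoided by copying instead of moving. The following is an added example, not part of any post: the function names, the mount point in the usage comment and the backup directory name are assumptions.

```sh
#!/bin/sh
# Added example: copy (never mv) registry hives before working on them from a
# live CD, and check that the originals are still in place before rebooting.
# Assumed usage (the mount point /mnt/win is hypothetical):
#   stage_hives /mnt/win/Windows/System32/Config /root/hives
#   ...work on the copies in /root/hives...
#   hives_present /mnt/win/Windows/System32/Config && reboot

# stage_hives CONFIG_DIR WORK_DIR
# Copies SAM and SYSTEM to WORK_DIR and to a timestamped backup directory next
# to the originals (on the persistent disk, not in RAM). Every copy is checked
# against the original's SHA-256. Prints the backup directory on success.
stage_hives() {
    config_dir=$1
    work_dir=$2
    backup_dir="$config_dir/hive-backup-$(date +%Y%m%d-%H%M%S)"

    # Refuse to start unless both hives are where Windows expects them.
    for hive in SAM SYSTEM; do
        [ -f "$config_dir/$hive" ] || { echo "missing $config_dir/$hive" >&2; return 1; }
    done

    mkdir -p "$work_dir" "$backup_dir" || return 1
    for hive in SAM SYSTEM; do
        src_sum=$(sha256sum < "$config_dir/$hive") || return 1
        cp -p "$config_dir/$hive" "$backup_dir/$hive" || return 1
        cp -p "$config_dir/$hive" "$work_dir/$hive" || return 1
        for copy in "$backup_dir/$hive" "$work_dir/$hive"; do
            [ "$(sha256sum < "$copy")" = "$src_sum" ] ||
                { echo "checksum mismatch: $copy" >&2; return 1; }
        done
    done
    echo "$backup_dir"
}

# hives_present CONFIG_DIR
# Pre-reboot check: fails if SAM or SYSTEM is missing or empty.
hives_present() {
    for hive in SAM SYSTEM; do
        [ -s "$1/$hive" ] ||
            { echo "NOT SAFE TO REBOOT: $1/$hive missing or empty" >&2; return 1; }
    done
}
```
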
Re: Chntpw = Goodbye SAM & SYSTEM :(
Quote:
Originally Posted by Jimmy87
Thanks for the quick reply, after a few attempts I managed to restore the SAM & SYSTEM files.
That website really helped, a step-by-step guide on how to restore the files. Took 3 attempts and had to delete the first SAM/SYSTEM file I restored, as for some reason it did not load on startup and locked me out, using the XP Restore command line.
In popped my BT5 CD to delete the files again and try it again. This time using a different system restore point.
Thanks Guys
Pete
Re: Chntpw = Goodbye SAM & SYSTEM :(
Quote:
Originally Posted by cgelici
If you want to start chntpw from anywhere within the terminal, add the tool to /usr/bin like so:
Code:
ln /pentest/passwords/chntpw/chntpw /usr/bin/
Another option would be to edit the "/etc/environment" file and add to the PATH variable.
Re: Chntpw = Goodbye SAM & SYSTEM :(
Quote:
Thanks for the quick reply, after a few attempts I managed to restore the SAM & SYSTEM files.
I'm glad it worked for you, I've used it many times and it's handy to know how to do it. Can be a bit hit and miss tho, every so often I get a computer where system restore isn't enabled and there aren't any restore points.