You should see something like this:
1. mkdir /mnt/sam && mount /dev/<windows partition> /mnt/sam && cd /mnt/sam && ls.
2. You should see your windows files from the windows partitions. I was using Windows XP. then cd into /WINDOWS/system32/config and list whats there. In Windows XP it was "SAM"
3. cp SAM /pentest/password/chntpw/ && cd /pentest/password/chntpw && ./chntpw -l SAM
Hope this does good, Im sure I will reference it a few times more. If you get a chance to use this on a Vista machine please let me know where the SAM file was. :)
trevelyn@celeritas:/mnt/usb/chntpw$ ./chntpw --help
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
./chntpw: invalid option -- -
chntpw: change password of a user in a NT/2k/XP/2k3/Vista SAM file, or invoke registry editor.
chntpw [OPTIONS] <samfile> [systemfile] [securityfile] [otherreghive] [...]
-h This message
-u <user> Username to change, Administrator is default
-l list all users in SAM file
-i Interactive. List users (as -l) then ask for username to change
-e Registry editor. Now with full write support!
-d Enter buffer debugger instead (hex editor),
-t Trace. Show hexdump of structs/segments. (deprecated debug function)
-v Be a little more verbose (for debuging)
-L Write names of changed files to /tmp/changed
-N No allocation mode. Only (old style) same length overwrites possible
See readme file on how to get to the registry files, and what they are.
Source/binary freely distributable under GPL v2 license. See README for details.
NOTE: This program is somewhat hackish! You are on your own!