SAM file oh my!

[cheruvian]

I have a windows 7 box that I was trying to pen test... I began with the basic chntpw on ubuntu.. trying to clear/change the password. When I rebooted into windows the passwords I had "set" was not valid, the password was not cleared (for another acct) and the Administrator account had not been enabled as I had selected. I continued to try using chntpw but eventually gave up.
Now on BT4 I've tried bkhive, and john but neither seems to be working (both are throwing me errors)
BKHive:

root@bt:/mnt/WIN/Windows/System32/config# bkhive system /root/key
bkhive 1.1.1 by Objectif Securite
http://www.objectif-securite.ch
original author: ncuomo@studenti.unina.it

Error opening hive file system


and
John:

root@bt:/pentest/passwords/jtr# ./john -format:NT /root/ipass
Loaded 1 password hash (NT MD4 [128/128 SSE2 + 32/32])
Crash recovery file is locked: ./john.rec



Does anyone have any ideas as to why this is happening and/or what I should do about it.

PS although I don't want a direct answer (A start in the right direction would be nice), I'm at the point where I really do just want to make sure I haven't screwed things up too badly so solutions and help are much appreciated

[comaX]

Oh boy. I think you made a post about the same subject twice, which is not very appreciated...

Anyway, if you're attacking the machine you're running BT on, there is a useful tool called "utilman' if I remember correctly. You should try looking that way.

As for messing anything, I know some would say "you don't know what you're doing, maybe try something else from BT".

[2901119]

i had the same issue with chntpw, it wouldn't clear the password. I eventually moved onto samdump2 and just cracked the hash. also when using bkhive dont do /root/key instead try

Code:

bkhive system sam

I also have windows 7 and this works for me.

[aerokid240]

You can check my blog on using the method "comaX" suggested. Here i give two methods of accomplishing this and offensive security has a video of this as well.

Go here