Windows 7 password recovery

[UbunFu]

Hey there,
I have managed to change my windows 7 account password and promptly forget it . I have bt5 installed on the same lappy thankfully, and have checked around a bit for ways to fix this. The best lead so far seems to be the chntpw tool, (this works for windows 7's sam right?) although I am having trouble installing it. I run: "apt-get install chntpw" in terminal, and it returns: "E: couldn't find package chntpw". Then when i just terminal chntpw, it returns: "[install with apt-get]. You will have to enable the universe component." Is this why cnhtpw isn't installing? How can I enable universe?
I have actually done a good amount of googling already, so any help you can offer - oh mighty hivemind - would be greatly appreciated (as I secretly miss my windows a little...).

Thanks,
UbunFu

[2901119]

I'm having trouble getting chntpw installed through the repos myself but another thing you might look into is bkhive which is installed by default.

[bofh28]

There is no need to install chntpw. It is already there.
/pentest/passwords/chntpw/chntpw /path/to/sam /path/to/system

[2901119]

is not on my system

Code:

/pentest/passwords# ls
cewl       crunch-3.0.1.tgz  hydra-6.3-src         oclhashcat       sipcrack
cmospwd    cupp              hydra-6.3-src.tar.gz  oclhashcat+      wordlists
crunch     hashcat           john                  oclhashcat-lite
crunch3.0  hashcat-utils     keimpx                pack

also the command "locate chntpw" returns nothing

UPDATE: well it appears that path is valid on my laptop running gnome 32 but not my desktop thats running gnome64... must be something to do with the 32/64 bit architectures

[UbunFu]

Hmm, yeah it turns out it isn't installed on my system either...but sir 2901119, thanks for the bkhive suggestion, I'll have to try that, as I'm using 64-bit too. How annoying...lol

[UbunFu]

Great news! It was at times an infuriating quest, but I finally got bkhive and samdump2 to work correctly, so thanks 2901119 for that lead! If anyone is still feeling generous though, john the ripper has got me stuck. I'm trying to crack these "dumps" with it. (For the sake of exactness, the file "samtext" is samdump2's output piped into plaintext form. )

When I simply type the command and directory

Code:

john '/media/(really long BT5 partition name)/pentest/SAMS/samtext'

john returns the message

Code:

fopen: john.ini: No such file or directory

so I looked in john's directory, and john.ini really isn't there. john.conf is there however, and in the man page for john, I saw there is a "--config=FILE" option to "use FILE instead of john.conf of john.ini". To me, that said that john.ini and john.conf might be somehow interchangeable, so I took it up on its offer, and wrote:

Code:

john --config='/pentest/passwords/john/john.conf' --format=LM '/media/(really long BT5 partition name)/pentest/SAMS/samtext'

and received the error :

Code:

Loaded 3 password hashes with no different salts (LM DES [128/128 BS SSE2])
fopen: password.lst: No such file or directory

I also tried the same line without "--format=LM" and received the same message. I then tried "--format=NT" for the hell of it, and again received a similar error:

Code:

Loaded 3 password hashes with no different salts (NT MD4 [128/128 SSE2 + 32/32])
fopen: password.lst: No such file or directory

I assume the 128/128 bit is something about salt length, maybe 128bit? But I really don't know much about that. I also gathered that john is trying to read from that wordlist it can't find, but I think i'd rather it just bruteforce the file if possible, even though it will probably take ages. If anyone knows how if or how it is possible to get john to bruteforce, that would be an hugely appreciated piece of information!

Thanks again to all of you who have taken time to help a bro triumph over ignorance!

[2901119]

I personally prefer the hashcat tools over John... Maybe check those out.

[AldousU]

Try changing to the directory where john is installed and running the commands from there.

[cynthialqy]

To avoid possible unfortunate incident that the users forgot their Windows login password, there are a lot of solutions to break Windows 7 password in the market. Here I would like to share two with you.


Method 1: Password Reset Disk



Windows 7 has its own a backup method called a password reset disk.




How to create a password reset disk?



Step 1: Click "Start"->"Control Panel"->"User Accounts and Family Safety"->"User account".

Important: Insert a blank floppy disk or a flash drive into floppy disk drive. You are not able to create a Windows 7 password reset disk on CD, DVD, or external hard drive.

Step 2: In the task pane on the left, click "Create a password reset disk".

Step 3: When the "Forgotten Password Wizard" window appears, click "Next".

Step 4: Choose the portable media drive to create a Windows 7 password reset disk on.

Step 5: Continue to click "Next" when the following boxes appear. When the progress indicator shows 100%, click "Next" and then click "Finish". You can now remove the floppy disk or the flash drive from your computer.



How to use a password reset disk?



Step 1: When you type the wrong password at the login screen. You will get the indicator like "The user name or password is correct". Click "OK" to see "Reset password" option under the password box.

Step 2: Insert your password reset disk, and then click on "Reset password" to open "Password Reset Wizard".

Step 3: Click "Next" and select the password reset disk.

Step 4: Click "Next", and an interface for you to create new password appears. You should type twice to make sure you type correctly. It is recommended to create a password hint to jog your memory if you forgot the password again.


Method 2: Windows 7 Password Breaker







It is very efficient to use the first method. However, it is before you forgot the password that you have to burn it by yourself. Whereas, like most users, you don’t feel you need to trouble with, confident in the reliability of your memory. But when the day comes that supposedly familiar word slips your mind, you're going to regret not making that preparation. Don't fret, I highly recommend one third party program named Windows 7 Password Breaker which can reset Windows 7 password after you forgot the password.




See how to achieve this goal:

Step 1: Insert a blank CD in another computer that can run as administrator, and download & install & launch Windows 7 Password Recovery.
Step 2: Select "reset Windows local account password", and tick "CD/DVD" and specify your device.
Step 3: Click "Burn" to create a Windows password reset disk.
Step 4: Boot your computer that can’t access to Windows with CD. You will see Windows Password Breaker under Win PE environment.
Step 5: Choose the Windows installation to be processed. Highlight the account you want to reset password for. Click "Reset" and follow the wizard to remove Windows password.
Step 6: The reset will be active after you reboot your PC.

As long as you control these two methods above, I am sure you can break Windows 7 password without any effort.

[imadoofus]

[QUOTE=cynthialqy;204349]To avoid possible unfortunate incident that the users forgot their Windows login password, there are a lot of solutions to break Windows 7 password in the market. Here I would like to share two with you.
Method 1: Password Reset Disk

Method 2: Windows 7 Password Breaker


All well and good - but ...
I have a friend who has a notebok (no CD) and has no access to any other computer. I was going to send her a memory stick with Ubuntu on it so that she could use chntpw. However .... when I tried using the utility to change a password on my version of Windows 7 it:
Changed the password to something other than I specified OR
Hid the account picture so that I could no longer select it to log in.
I have Win 7 128 bit and was wondering if this wat the issue and I needed something else?