Linux Lite Forums
Software - Support => Other => Topic started by: Colin23erk on October 13, 2015, 01:40:16 PM
-
Is there an easy way to use LinuxLite to repair a Win 7 password without using a CD or USB?
A third party has locked me out of Win 7, which is dual booted with LinuxLite. I have tried several bootable repair disks which have either failed to boot properly or require input details which I am not able to supply.
I have used Synaptic to install chntpw.
From How To Geek I have tried to follow their method:
Using chntpw to reset your password
Before running chntpw, you will have to mount the hard drive that contains your Windows installation. In most cases, Ubuntu 9.10 makes this simple.
Click on Places at the top-left of the screen. If your Windows drive is easily identifiable – usually by its size – then left click on it.
If it is not obvious, then click on Computer and check out each hard drive until you find the correct one.
The correct hard drive will have the WINDOWS folder in it. When you find it, make a note of the drive’s label that appears in the menu bar of the file browser.
If you don’t already have one open, start a terminal window by going to Applications > Accessories > Terminal.
In the terminal window, enter the commands
cd /media
ls
pressing enter after each line. You should see one or more strings of text appear; one of those strings should correspond with the string that appeared in the title bar of the file browser earlier.
Change to that directory by entering the command
cd <hard drive label>
Since the hard drive label will be very annoying to type in, you can use a shortcut by typing in the first few letters or numbers of the drive label (capitalization matters) and pressing the Tab key. It will automatically complete the rest of the string (if those first few letters or numbers are unique).
We want to switch to a certain Windows directory. Enter the command:
cd WINDOWS/system32/config/
Again, you can use tab-completion to speed up entering this command.
To change or reset the administrator password, enter:
sudo chntpw SAM
SAM is the file that contains your Windows registry. You will see some text appear, including a list of all of the users on your system.
I am having difficulty getting past
We want to switch to a certain Windows directory. Enter the command:
cd WINDOWS/system32/config/
-
You may want to modify your post. What ended up being posted is super small in size. Very hard to read and, thus, could limit the help you receive.
-
Hi,
It seems I'm not the only one who gets the funny posts.
I now pre-write my posts in Leafpad, and then just copy 'n' paste into forum.
So without knowing what you have tried...??
This is what Google shows... Fix Windows 7 password with Linux (https://www.google.co.uk/search?q=fix+windows+7+password+with+linux&oq=fix+windows+7+password+with+linux&aqs=chrome..69i57.60119j0j4&sourceid=chrome&es_sm=122&ie=UTF-8)
-
A third party has locked me out of Win 7, which is dual booted with LinuxLite. I have tried several bootable repair disks which have either failed to boot properly or require input details which I am not able to supply.
I have used Synaptic to install chntpw.
From How To Geek I have tried to follow their method:
Using chntpw to reset your password
Before running chntpw, you will have to mount the hard drive that contains your Windows installation. In most cases, Ubuntu 9.10 makes this simple.
Click on Places at the top-left of the screen. If your Windows drive is easily identifiable – usually by its size – then left click on it.
If it is not obvious, then click on Computer and check out each hard drive until you find the correct one.
The correct hard drive will have the WINDOWS folder in it. When you find it, make a note of the drive’s label that appears in the menu bar of the file browser.
Mine is - (/media/sda1/Windows/System32/config/)
If you don’t already have one open, start a terminal window by going to Applications > Accessories > Terminal.
In the terminal window, enter the commands
cd /media
ls
pressing enter after each line. You should see one or more strings of text appear; one of those strings should correspond with the string that appeared in the title bar of the file browser earlier.
Change to that directory by entering the command
cd <hard drive label>
Since the hard drive label will be very annoying to type in, you can use a shortcut by typing in the first few letters or numbers of the drive label
colin@colin-NC110:~$ cd /media
colin@colin-NC110:/media$ ls
Backup cdrom colin floppy floppy0 sda1
colin@colin-NC110:/media$ cd sda1/
colin@colin-NC110:/media/sda1$ cd WINDOWS/system32/config/
bash: cd: WINDOWS/system32/config/: No such file or directory
colin@colin-NC110:/media/sda1$
To change or reset the administrator password, enter:
sudo chntpw SAM
SAM is the file that contains your Windows registry. You will see some text appear, including a list of all of the users on your system.
We want to switch to a certain Windows directory. Enter the command
cd WINDOWS/system32/config/
-
If I am reading this correctly you should be able to just open the file manager and navigate to the WINDOWS/system32/config folder, once there right click on an empty space in the window and select "Open Terminal Here" and you will be in the right place no need to do all the cd commands. Then all you should have to do is run the following in the terminal you opened.
chntpw –l SAM
This will list user names, according to the article.
chntpw –u geek SAM
Replace the "geek" with your windows user name. Choose the 2nd option to (set new) password, after the password is changed, you have to confirm the save by hitting "y" when asked. When you get back to a command prompt you can close the terminal. The password should now be what you chose. Reboot into windows and use the new password.
Info found here: http://www.howtogeek.com/howto/windows-vista/change-your-forgotten-windows-password-with-the-linux-system-rescue-cd/
-
Thanks avj
I tried what you suggested with no luck - tried the 2nd one with my user name
colin@colin-NC110:/media/sda1/Windows/System32/config$ chntpw –l SAM
chntpw version 0.99.6 110511 , (c) Petter N Hagen
openHive(–l) failed: No such file or directory, trying read-only
openHive(–l) in fallback RO-mode failed: No such file or directory
Unable to open/read a hive, exiting..
colin@colin-NC110:/media/sda1/Windows/System32/config$ chntpw –u colin SAM
chntpw version 0.99.6 110511 , (c) Petter N Hagen
openHive(–u) failed: No such file or directory, trying read-only
openHive(–u) in fallback RO-mode failed: No such file or directory
Unable to open/read a hive, exiting..
colin@colin-NC110:/media/sda1/Windows/System32/config$
Colin
-
Not sure if it helps -- this is the contents of the /media/sda1/Windows/System32/config/ Files
/media/sda1/Windows/System32/config/Before Compact
/media/sda1/Windows/System32/config/Journal
/media/sda1/Windows/System32/config/Original
/media/sda1/Windows/System32/config/RegBack
/media/sda1/Windows/System32/config/SM Registry Backup
/media/sda1/Windows/System32/config/systemprofile
/media/sda1/Windows/System32/config/TxR
/media/sda1/Windows/System32/config/BCD-Template
/media/sda1/Windows/System32/config/BCD-Template.LOG
/media/sda1/Windows/System32/config/BCD-Template.LOG1
/media/sda1/Windows/System32/config/BCD-Template.LOG2
/media/sda1/Windows/System32/config/COMPONENTS
/media/sda1/Windows/System32/config/COMPONENTS.LOG
/media/sda1/Windows/System32/config/COMPONENTS.LOG1
/media/sda1/Windows/System32/config/COMPONENTS.LOG2
/media/sda1/Windows/System32/config/COMPONENTS{0f5bec2f-271f-11e5-9ece-dca9715022f5}.TM.blf
/media/sda1/Windows/System32/config/COMPONENTS{0f5bec2f-271f-11e5-9ece-dca9715022f5}.TMContainer00000000000000000001.regtrans-ms
/media/sda1/Windows/System32/config/COMPONENTS{0f5bec2f-271f-11e5-9ece-dca9715022f5}.TMContainer00000000000000000002.regtrans-ms
/media/sda1/Windows/System32/config/COMPONENTS{6cced2ed-6e01-11de-8bed-001e0bcd1824}.TM.blf
/media/sda1/Windows/System32/config/COMPONENTS{6cced2ed-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
/media/sda1/Windows/System32/config/COMPONENTS{6cced2ed-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
/media/sda1/Windows/System32/config/COMPONENTS{ba11b468-af01-11e4-8ad9-dca9715022f5}.TM.blf
/media/sda1/Windows/System32/config/COMPONENTS{ba11b468-af01-11e4-8ad9-dca9715022f5}.TMContainer00000000000000000001.regtrans-ms
/media/sda1/Windows/System32/config/COMPONENTS{ba11b468-af01-11e4-8ad9-dca9715022f5}.TMContainer00000000000000000002.regtrans-ms
/media/sda1/Windows/System32/config/COMPONENTS{d7165e1e-bd77-11e3-bed0-dca9715022f5}.TM.blf
/media/sda1/Windows/System32/config/COMPONENTS{d7165e1e-bd77-11e3-bed0-dca9715022f5}.TMContainer00000000000000000001.regtrans-ms
/media/sda1/Windows/System32/config/COMPONENTS{d7165e1e-bd77-11e3-bed0-dca9715022f5}.TMContainer00000000000000000002.regtrans-ms
/media/sda1/Windows/System32/config/COMPONENTS{e539f9a6-264c-11e5-a6d1-dca9715022f5}.TM.blf
/media/sda1/Windows/System32/config/COMPONENTS{e539f9a6-264c-11e5-a6d1-dca9715022f5}.TMContainer00000000000000000001.regtrans-ms
/media/sda1/Windows/System32/config/COMPONENTS{e539f9a6-264c-11e5-a6d1-dca9715022f5}.TMContainer00000000000000000002.regtrans-ms
/media/sda1/Windows/System32/config/DEFAULT
/media/sda1/Windows/System32/config/DEFAULT.LOG
/media/sda1/Windows/System32/config/DEFAULT.LOG1
/media/sda1/Windows/System32/config/DEFAULT.LOG2
/media/sda1/Windows/System32/config/SAM
/media/sda1/Windows/System32/config/SAM.LOG
/media/sda1/Windows/System32/config/SAM.LOG1
/media/sda1/Windows/System32/config/SAM.LOG2
/media/sda1/Windows/System32/config/SECURITY
/media/sda1/Windows/System32/config/SECURITY.LOG
/media/sda1/Windows/System32/config/SECURITY.LOG1
/media/sda1/Windows/System32/config/SECURITY.LOG2
/media/sda1/Windows/System32/config/SOFTWARE
/media/sda1/Windows/System32/config/SOFTWARE.LOG
/media/sda1/Windows/System32/config/SOFTWARE.LOG1
/media/sda1/Windows/System32/config/SOFTWARE.LOG2
/media/sda1/Windows/System32/config/SYSTEM
/media/sda1/Windows/System32/config/SYSTEM.LOG
/media/sda1/Windows/System32/config/SYSTEM.LOG1
/media/sda1/Windows/System32/config/SYSTEM.LOG2
Colin
-
Both -l and -u commands are failing..
The command chntpw –l SAM
should list the users
The command chntpw –u geek SAM
allows reset of that user...
Not sure but maybe helpful for you guys??? 99.6 version??
http://askubuntu.com/questions/162267/problem-with-using-chntpw-in-ubuntu-to-reset-windows-7-password (http://askubuntu.com/questions/162267/problem-with-using-chntpw-in-ubuntu-to-reset-windows-7-password)
Additionally - the instruction here http://www.chntpw.com/reset-windows-7-admin-password-with-ubuntu/ (http://www.chntpw.com/reset-windows-7-admin-password-with-ubuntu/) suggests adding the drive identifier when changing directories...
-
Another thing you can try is to rename SAM to SAM.old and then copy the version of SAM from ../system32/RegBack over to the ../config folder. This should give you your previous password back if the date of the backup SAM file predates the problem.
The entries, Last Known Good Configuration, and ~Revert to Restore Point~ in the Win7 Advanced Boot menu (F8 as Windows just begins to load) might do the same thing, not sure.
-
Hi Paul
Thanks for the idea but I cannot find
RegBack
../system32/RegBack over to the ../config folder.
I am getting the feeling that the only way to go is to Reinstall Win7 .
Fortunately I keep all my own Data / files in a separate Partition so they should not be affected as I can use them with LinuxLite .
I have always kept them separate from Windows from the days when crashes were a fact of life
Colin
-
Sorry, I messed up the location of regback. It's under system32/config.
-
Ok so I installed chntpw... I was getting the same errors as you...
I was able to get it to work...
TYPE the command into terminal - Don't copy and paste... chntpw -l SAM
I copied and pasted = failed
Manually entered = success
It's the "-": copied it's the longer, typed it's the shorter... Why this makes a difference I don't know...
I retyped and tested the below... It did seem to work...
chntpw -l SAM
chntpw -u user SAM
I'll toss in some screenshots...
Shots:
Failed
(http://i.imgur.com/Yyh0P6m.png)
Success:
(http://i.imgur.com/O1bKDjl.png)
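The failure described in the post above comes from a pasted en dash (U+2013) standing where chntpw expects an ASCII "-", so the tool takes "–l" for a hive file name (hence "openHive(–l) failed"). The following is an added example, not part of the original post: a POSIX shell check that flags such arguments before a command is run. The function names are hypothetical and only three look-alike characters are covered.

```shell
#!/bin/sh
# Added example (not from the thread). Detects option arguments that start
# with a Unicode dash look-alike instead of ASCII "-" (0x2D).

# Look-alikes as UTF-8 bytes, written with octal escapes so this file stays ASCII.
EN_DASH=$(printf '\342\200\223')   # U+2013, common in blog-formatted commands
EM_DASH=$(printf '\342\200\224')   # U+2014
MINUS=$(printf '\342\210\222')     # U+2212

# leading_dash_name ARG: print the look-alike ARG starts with; return 1 if none.
leading_dash_name() {
    case $1 in
        "$EN_DASH"*) echo "EN DASH U+2013" ;;
        "$EM_DASH"*) echo "EM DASH U+2014" ;;
        "$MINUS"*)   echo "MINUS SIGN U+2212" ;;
        *) return 1 ;;
    esac
}

# fix_arg ARG: print ARG with a leading look-alike replaced by ASCII "-".
fix_arg() {
    for d in "$EN_DASH" "$EM_DASH" "$MINUS"; do
        case $1 in
            "$d"*) rest=${1#"$d"}; printf '%s\n' "-$rest"; return 0 ;;
        esac
    done
    printf '%s\n' "$1"
}

# check_command WORD...: warn on stderr about each suspicious word, print the
# corrected command line on stdout, return 1 if anything had to be corrected.
check_command() {
    fixed=""
    bad=0
    for word in "$@"; do
        if name=$(leading_dash_name "$word"); then
            printf 'warning: "%s" starts with %s, not ASCII "-"\n' "$word" "$name" >&2
            bad=1
        fi
        fixed="${fixed:+$fixed }$(fix_arg "$word")"
    done
    printf '%s\n' "$fixed"
    return "$bad"
}

# Constructed input: the pasted command from the thread, en dash before "l".
check_command chntpw "${EN_DASH}l" SAM || true
```

The same check applies to any command copied from a web page, since many publishing tools silently convert "-" into a typographic dash.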
-
This thread is fascinating. I'm learning some stuff. Good teamwork here.
-
> This thread is fascinating. I'm learning some stuff. Good teamwork here.
I too got giddy when it worked ;)
This is a great little tool, especially combined with a Live USB. I could have used it many times over the years...
-
Thanks
Tried what you said
colin@colin-NC110:/media/sda1/Windows/System32/config$ chntpw -l SAM
chntpw version 0.99.6 110511 , (c) Petter N Hagen
Hive <SAM> name (from header): <\C:\Windows\system32\config\sam>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
Used for data: 203/15264 blocks/bytes, unused: 11/5056 blocks/bytes.
* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length : 0
Password history count : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator | ADMIN | dis/lock |
| 03e8 | Colin | ADMIN | |
| 01f5 | Guest | | dis/lock |
-------------------------------------------------------------------------------------------
colin@colin-NC110:/media/sda1/Windows/System32/config$ chntpw -u colin SAM
chntpw version 0.99.6 110511 , (c) Petter N Hagen
Hive <SAM> name (from header): <\C:\Windows\system32\config\sam>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
Used for data: 203/15264 blocks/bytes, unused: 11/5056 blocks/bytes.
* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length : 0
Password history count : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator | ADMIN | dis/lock |
| 03e8 | Colin | ADMIN | |
| 01f5 | Guest | | dis/lock |
---------------------> SYSKEY CHECK <-----------------------
SYSTEM SecureBoot : -1 -> Not Set (not installed, good!)
SAM Account\F : 0 -> off
SECURITY PolSecretEncryptionKey: -1 -> Not Set (OK if this is NT4)
Syskey not installed!
Cannot find value <\SAM\Domains\Account\Users\Names\colin\@>
Hives that have changed:
# Name
None!
colin@colin-NC110:/media/sda1/Windows/System32/config$
not sure where to go n -- Concerned about this line (Cannot find value <\SAM\Domains\Account\Users\Names\colin\@>)
The problem was created because of a Ransom attack (my own slip up)
-
> The problem was created because of a Ransom attack
My guess is the attack crippled your user account. At what point are they demanding the ransom? At the Welcome screen? IAC, if I am correct the SAM hive, and perhaps others as well, is corrupted and you must either revert to a restore point, use last known good config, or restore the registry manually the way I described (and maybe not just the SAM file either, though I would start there). Best would be if you keep up to date system images offline. The alternative would be to try to rescue data and settings, if they're not backed up, and then do a fresh install. At least, that's how I would approach it. Perhaps a malware expert would have a lower level way to solve the problem.
-
> The problem was created because of a Ransom attack
> My guess is the attack crippled your user account. At what point are they demanding the ransom? At the Welcome screen? IAC, if I am correct the SAM hive, and perhaps others as well, is corrupted and you must either revert to a restore point, use last known good config, or restore the registry manually the way I described (and maybe not just the SAM file either, though I would start there). Best would be if you keep up to date system images offline. The alternative would be to try to rescue data and settings, if they're not backed up, and then do a fresh install. At least, that's how I would approach it. Perhaps a malware expert would have a lower level way to solve the problem.
Seen one once, where it used the web cam took a pic and then locked for ransom (think it was saying from FBI)..
I may still have notes, but it wasn't fun...
Had to create a usb with files, boot to the usb run said files.. scan, scan and scan some more...
I'll see what I can dig up, but some info..
http://www.trendmicro.com/vinfo/us/security/definition/Ransomware (http://www.trendmicro.com/vinfo/us/security/definition/Ransomware)
https://www.f-secure.com/en/web/labs_global/removing-police-themed-ransomware (https://www.f-secure.com/en/web/labs_global/removing-police-themed-ransomware)
These are samples... Try to nail down which you're infected by to properly remove...
Some scanners, some require manual deletion of registry keys...
Back up your stuff first..
May want to try some online scanners through LL on the Windows partition...
-
The problem now appears to be that you entered:
chntpw -u colin SAM
That line looks like it should read
chntpw -u Colin SAM
Capitalization is important.
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator | ADMIN | dis/lock |
| 03e8 | Colin | ADMIN | |
| 01f5 | Guest | | dis/lock |
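The post above traces "Cannot find value <\SAM\Domains\Account\Users\Names\colin\@>" to the case of the user name. The following is an added example, not part of the original post: a POSIX shell helper that reads the user table printed by chntpw -l and reports the spelling stored in the SAM. The function names are hypothetical and the sample table is copied from this thread.

```shell
#!/bin/sh
# Added example (not from the thread). Resolves an account name to the exact
# spelling shown in a "chntpw -l" user table, because -u matched the name
# case-sensitively in this thread.

# Constructed sample: the user table as posted in this thread.
SAMPLE_LISTING='| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator | ADMIN | dis/lock |
| 03e8 | Colin | ADMIN | |
| 01f5 | Guest | | dis/lock |'

# exact_username NAME: read a "chntpw -l" table on stdin and print the stored
# spelling of NAME (compared case-insensitively); return 1 if no row matches.
exact_username() {
    awk -F'|' -v want="$1" '
        {
            rid = $2; name = $3
            gsub(/^[ \t]+|[ \t]+$/, "", rid)    # trim column padding
            gsub(/^[ \t]+|[ \t]+$/, "", name)
        }
        # Data rows carry a four-hex-digit RID; header and banner lines do not.
        rid ~ /^[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]$/ &&
        tolower(name) == tolower(want) { print name; found = 1; exit }
        END { exit found ? 0 : 1 }
    '
}

# check_username NAME: table on stdin.
# Returns 0 if NAME is spelled as stored, 2 if only the case differs, 1 if absent.
check_username() {
    stored=$(exact_username "$1") || return 1
    [ "$stored" = "$1" ] && return 0
    printf 'account is stored as "%s", not "%s"\n' "$stored" "$1" >&2
    return 2
}

# Constructed run: the lower-case name used in the failing command.
printf '%s\n' "$SAMPLE_LISTING" | check_username colin || true
```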
-
@avj, nice one.. Have noted this in case any of my Win using friends ever get stuck ;)
-
Yes, superb catch, avj. Colin, forget everything I wrote unless chntpw fails on the actual username. I've used this many times in the form of NT offline PW changer, and the command line is indeed case sensitive.
-
Thanks to All for trying to help but every step I try is like "Opening a Can of Worms" and I get a new set of problems to solve -
Even www.linuxliteos.com went off the Web so I could not seek help from the Forums
Colin
-
Hello!
Bless your heart, Colin. Before you 'nuke it and start over', if you can, you might want to try this:
http://www.howtogeek.com/96630/how-to-reset-your-forgotten-windows-password-the-easy-way/ (http://www.howtogeek.com/96630/how-to-reset-your-forgotten-windows-password-the-easy-way/)
UPDATE: I tried the procedure in the link, and it DOES WORK. I haven't tried this on a PC with a hiberfil.sys file yet, but that shouldn't affect how this works, as you're not trying to read the registry under Linux. Will update this again if it turns out to be an issue.
Additionally, you will need to have an install DVD that matches the version of Windows (Home Premium, Professional) you have installed, or a Windows recovery CD created by the PC you are trying to access. To prevent future anguish, you may want to create one NOW, so you'll have it on hand when you need it.
I know this is Windows 7 we're dealing with here, but for Windows 8/8.1/10 users, let me throw this in, if you're trying to do this under Linux:
If you have not disabled hibernation beforehand with the powercfg command, Linux will NOT let you access what you need to change - which you probably already know, if you've tried accessing such a Windows drive from Linux itself.
Colin, you may also want to contact whatever agency you folks have over there to report cybercrimes to. In the US, it's the FBI:
http://www.ic3.gov (http://www.ic3.gov)
Not that this will help you personally, but it MIGHT get the scumbags one step closer to getting busted...
73 DE N4RPS
Rob
-
If you can get access to the windows command line like suggested by N4RPS It might be worth it to create a new administrator account, which is a two step process outlined in the links below.
http://www.windows-commandline.com/add-user-from-command-line/
http://www.windows-commandline.com/add-user-to-group-from-command-line/
After creating a new admin account you should log into it and revoke admin privileges for the Colin account so it no longer has control.
-
@avj / others
I think the OP may have ended up re-installing Win7... Just as an FYI
The other thread:
https://www.linuxliteos.com/forums/installing-linux-lite/lite-not-finishing-loading/msg18143/?topicseen#msg18143 (https://www.linuxliteos.com/forums/installing-linux-lite/lite-not-finishing-loading/msg18143/?topicseen#msg18143)
Hello
I have Lite and Win-7 dual booting which have been working OK for over a year
After a problem with Win-7 I reinstalled it after which I could not boot into Lite (black screen with Flashing cursor)
I used Boot-Repair Disk to mend the boot menu
I can now boot to Win-7 OK .
When I try to boot to Lite the Lite-Splash screen comes up - the progress bar goes normally for a 3rd of the way but then goes very slowly to the end . The PC then hangs
Colin