Index of /porteus/x86_64/Porteus-v3.2.2/

File Name  ↓ File Size  ↓ Date  ↓ 
Parent directory/--
modules/-31-Aug-2017 18:14
ntpasswd/-31-Aug-2017 03:39
Porteus-XFCE-v3.2.2-infotek-003-dev.iso 422M31-Aug-2017 06:21
Porteus-XFCE-v3.2.2-infotek-005.iso 242M06-Sep-2017 17:34
The point of this work is to provide a modern bootable iso that is capable of reseting windows passwords on a modern Windows 10 system with UEFI/GPT.  ntpasswd has become aged.

Porteus-XFCE-v3.2.2-infotek-005.iso 242MB

Burn the above iso to a CD/DVD/USB.  If you do not know how try https://unetbootin.github.io/

Porteus user authentication

User: root
Pass: toor

Using porteus with ntfs-3g and ntchpw to reset a password

/* version 004 you need to run ldconfig */
/* version 005 moved ntfs-3g dynamic libraries from /lib/ to /lib64/ which fixed the need to run ldconfig */

guest@porteus:~$ su - 

/* Locate windows install partition.  In this case we see a 249GB ntfs filesystem on partition /dev/sda4 */
/* This was a standard Windows 10 install to a UEFI system with a single SSD drive */

root@porteus:~# parted -l
Model: ATA Samsung SSD 850 (scsi)
Disk /dev/sda: 250GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start   End    Size    File system  Name                          Flags
 1      1049kB  473MB  472MB   ntfs         Basic data partition          hidden, diag
 2      473MB   578MB  105MB   fat32        EFI system partition          boot, esp
 3      578MB   595MB  16.8MB               Microsoft reserved partition  msftres
 4      595MB   250GB  249GB   ntfs         Basic data partition          msftdata


Model: Lexar USB Flash Drive (scsi)
Disk /dev/sdb: 16.0GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start   End     Size    Type     File system  Flags
 1      1049kB  16.0GB  16.0GB  primary  fat32        boot, lba

/* mount the windows partition using ntfs-3g */
/* Windows 10 hibernates by default now so you probably need the remove_hiberfile filesystem option */
/* see https://www.tuxera.com/community/ntfs-3g-manual/#fastrestart  */

root@porteus:~# ntfs-3g -o remove_hiberfile,rw /dev/sda4 /mnt

/* copy the SAM file using cpnt.static to a local /tmp/ directory */

root@porteus:~# cpnt.static /mnt/Windows/System32/config/SAM /tmp/SAM

/* enable/disable set/blank a password using chntpw.static */

root@porteus:~# chntpw.static -i /tmp/SAM
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
Hive  name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c 
Page at 0x9000 is not 'hbin', assuming file contains garbage at end
File size 65536 [10000] bytes, containing 6 pages (+ 1 headerpage)
Used for data: 301/26960 blocks/bytes, unused: 3/5616 blocks/bytes.


* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length        : 0
Password history count         : 0


<>========<> chntpw Main Interactive Menu <>========<>

Loaded hives: 

  1 - Edit user data and passwords
  2 - Syskey status & change
  3 - RecoveryConsole settings
      - - -
  9 - Registry editor, now with full write support!
  q - Quit (you will be asked if there is something to save)


What to do? [1] -> 1


===== chntpw Edit User Info & Passwords ====

| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 01f7 | DefaultAccount                 |        | dis/lock |
| 01f5 | Guest                          |        | dis/lock |
| 03e9 | infotek                        | ADMIN  |          |
| 03ea | test                           |        |          |

Select: ! - quit, . - list users, 0x - User with RID (hex)
or simply enter the username to change: [Administrator] test

RID     : 1002 [03ea]
Username: test
fullname: test
comment : test
homedir :

User is member of 1 groups:
00000221 = Users (which has 3 members)

Account bits: 0x0210 =
[ ] Disabled        | [ ] Homedir req.    | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
[X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  |

Failed login count: 0, while max tries is: 0
Total  login count: 0

- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
(4 - Unlock and enable user account) [seems unlocked already]
 q - Quit editing user, back to user select
Select: [q] > 1
Password cleared!

Select: ! - quit, . - list users, 0x - User with RID (hex)
or simply enter the username to change: [Administrator] !


<>========<> chntpw Main Interactive Menu <>========<>

Loaded hives: 

  1 - Edit user data and passwords
  2 - Syskey status & change
  3 - RecoveryConsole settings
      - - -
  9 - Registry editor, now with full write support!
  q - Quit (you will be asked if there is something to save)


What to do? [1] -> q

Hives that have changed:
 #  Name
 0  
Write hive files? (y/n) [n] : y
 0   - OK

/* copy the SAM file back to the windows partition */

root@porteus:~# cpnt.static /tmp/SAM /mnt/Windows/System32/config/SAM

/* flush the io because habit/superstition */

root@porteus:~# sync

/* unmount the windows partition from /mnt */

root@porteus:~# umount /mnt