Recover a Windows password from Linux

Wanting to reinstall the Novation Launchpad MK2 on the new ThinkPad T440p running Windows 7 Professional for my daughter, I realized that I had carelessly forgotten the administrator password! Silly of me, but fortunately, with a Linux partition you can do quite a lot using a command called chntpw, that is, "change NT password", which says it all. In fact this works on any Windows PC as long as you have physical access to it and can get into the BIOS.

The Novation Launchpad MK2 and the ThinkPad T440p running Linux

You just need to locate the Windows partition, mount it if it is not already mounted, and go to the Windows/System32/config directory. For my part, I simply typed, as root:

cd /media/win_d/Windows/System32/config

Next, type the command chntpw -l sam -i. Note that there must be a sam file in the directory; on other systems this file name may be in uppercase. Here is the result:

chntpw version 1.00 140201, (c) Petter N Hagen
Hive name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
File size 262144 [40000] bytes, containing 8 pages (+ 1 headerpage)
Used for data: 273/87760 blocks/bytes, unused: 18/10288 blocks/bytes.

<>========<> chntpw Main Interactive Menu <>========<>

Loaded hives:

1 – Edit user data and passwords
2 – List groups
– – –
9 – Registry editor, now with full write support!
q – Quit (you will be asked if there is something to save)

What to do? [1] ->

Type 1 to list the users, and this is what you get:

===== chntpw Edit User Info & Passwords ====

| RID -|———- Username ————| Admin? |- Lock? –|
| 01f4 | Administrator | ADMIN | dis/lock |
| 03e8 | Customer | ADMIN | dis/lock |
| 01f5 | Gast | | dis/lock |
| 03e9 | L�na | | BLANK |
| 03ea | Olivier | | BLANK |

Please enter user number (RID) or 0 to exit: [3e8]

For the user Olivier, type 0x03ea, which gives:

================= USER EDIT ====================

RID : 1002 [03ea]
Username: Olivier
fullname: Olivier
comment :
homedir :

00000221 = Benutzer (which has 4 members)

Account bits: 0x0210 =
[ ] Disabled | [ ] Homedir req. | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[X] Pwd don’t expir | [ ] Auto lockout | [ ] (unknown 0x08) |
[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |

Failed login count: 0, while max tries is: 0
Total login count: 3
** No NT MD4 hash found. This user probably has a BLANK password!
** No LANMAN hash found either. Try login with no password!

  • – – – User Edit Menu:
    1 – Clear (blank) user password
    (2 – Unlock and enable user account) [seems unlocked already]
    3 – Promote user (make user an administrator)
    4 – Add user to a group
    5 – Remove user from a group
    q – Quit editing user, back to user select
    Select: [q] >

This gives access to a number of commands for unlocking the user account, resetting the password or granting administrator rights. Be careful: I found that this worked fine, except that when quitting chntpw it saved nothing! I went about it another way, typing for the Olivier account:

chntpw -u Olivier sam

which gives

chntpw version 1.00 140201, (c) Petter N Hagen
Hive name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
File size 262144 [40000] bytes, containing 8 pages (+ 1 headerpage)
Used for data: 273/87760 blocks/bytes, unused: 18/10288 blocks/bytes.

================= USER EDIT ====================

RID : 1002 [03ea]
Username: Olivier
fullname: Olivier
comment :
homedir :

00000221 = Benutzer (which has 4 members)

Account bits: 0x0210 =
[ ] Disabled | [ ] Homedir req. | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[X] Pwd don’t expir | [ ] Auto lockout | [ ] (unknown 0x08) |
[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |

Failed login count: 0, while max tries is: 0
Total login count: 4
** No NT MD4 hash found. This user probably has a BLANK password!
** No LANMAN hash found either. Try login with no password!

  • – – – User Edit Menu:
    1 – Clear (blank) user password
    (2 – Unlock and enable user account) [seems unlocked already]
    3 – Promote user (make user an administrator)
    4 – Add user to a group
    5 – Remove user from a group
    q – Quit editing user, back to user select
    Select: [q] >

To make it an administrator, I type 3, and this is what I get:

=== PROMOTE USER

Will add the user to the administrator group (0x220)
and to the users group (0x221). That should usually be
what is needed to log in and get administrator rights.
Also, remove the user from the guest group (0x222), since
it may forbid logins.

(To add or remove user from other groups, please other menu selections)

Note: You may get some errors if the user is already member of some
of these groups, but that is no problem.

Do it? (y/n) [n] : y

  • Adding to 0x220 (Administrators) …
    sam_put_user_grpids: success exit
  • Adding to 0x221 (Users) …
    sam_put_user_grpids: success exit
  • Removing from 0x222 (Guests) …
    remove_user_from_grp: NOTE: group not in users list of groups, may mean user not member at all. Safe. Continuing.
    remove_user_from_grp: NOTE: user not in groups list of users, may mean user was not member at all. Does not matter, continuing.
    sam_put_user_grpids: success exit

Promotion DONE!
================= USER EDIT ====================

RID : 1002 [03ea]
Username: Olivier
fullname: Olivier
comment :
homedir :

00000221 = Benutzer (which has 4 members)
00000220 = Administratoren (which has 3 members)

Account bits: 0x0210 =
[ ] Disabled | [ ] Homedir req. | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[X] Pwd don’t expir | [ ] Auto lockout | [ ] (unknown 0x08) |
[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |

Failed login count: 0, while max tries is: 0
Total login count: 4
** No NT MD4 hash found. This user probably has a BLANK password!
** No LANMAN hash found either. Try login with no password!

  • – – – User Edit Menu:
    1 – Clear (blank) user password
    (2 – Unlock and enable user account) [seems unlocked already]
    3 – Promote user (make user an administrator)
    4 – Add user to a group
    5 – Remove user from a group
    q – Quit editing user, back to user select
    Select: [q] >

and this time, when I ask it to quit, it does ask me to save the change

Hives that have changed:
# Name
0
Write hive files? (y/n) [n] : y
0 – OK
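
Since the interactive session above quit without saving anything, it helps to back up the hive first and then check whether it was really written. The following is an added example, not part of the original post: the function names and the /root/sam-backups directory are assumptions, while /media/win_d and the chntpw call are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the path of the SAM hive under a mounted Windows partition.
# The match is case-insensitive because the file may be named sam or SAM.
find_sam_hive() {
    found=$(find "$1" -maxdepth 4 -type f \
        -ipath '*/windows/system32/config/sam' 2>/dev/null | head -n 1)
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Copy the hive to a timestamped backup in DEST_DIR and print the backup path.
backup_hive() {
    src=$1
    dest_dir=$2
    mkdir -p "$dest_dir" || return 1
    dest="$dest_dir/$(basename "$src").$(date +%Y%m%d-%H%M%S).bak"
    cp -p "$src" "$dest" || return 1
    printf '%s\n' "$dest"
}

# Succeed (exit status 0) only if the hive now differs from its backup,
# i.e. the editing tool really wrote its changes to disk.
hive_changed() {
    ! cmp -s "$1" "$2"
}

# Put the backup back in place, for example if the edit has to be undone.
restore_hive() {
    cp -p "$1" "$2"
}

# Usage sketch (/root/sam-backups is an assumed directory):
#   hive=$(find_sam_hive /media/win_d) || exit 1
#   bak=$(backup_hive "$hive" /root/sam-backups)
#   chntpw -u Olivier "$hive"
#   if hive_changed "$bak" "$hive"; then echo "hive written"; else echo "nothing saved"; fi
```

If hive_changed fails after quitting chntpw, the "Write hive files?" prompt was never answered with y and the edit has to be redone.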
