
How To Remove A Windows Password Using Backtrack


pirate07

Aug 18, 2010
How To Remove A Windows Password (All Versions) Using Backtrack

DISCLAIMER: THIS IS FOR EDUCATIONAL PURPOSES ONLY!! DO NOT PERFORM THIS ACTION ON A COMPUTER THAT IS NOT YOURS!! ONLY PERFORM THE FOLLOWING STEPS ON YOUR OWN COMPUTER OR ON A COMPUTER THAT YOU HAVE PERMISSION TO DO SO. I WILL NOT BE HELD RESPONSIBLE IN ANY WAY, SHAPE OR FORM IF YOU USE THIS METHOD IN AN ILLEGAL MANNER!! IF YOU DO, YOU DO SO AT YOUR OWN RISK!!

Download Backtrack 3 or Backtrack 4 from http://www.backtrack-linux.org/downloads/. Burn the ISO file with your favorite burning software.
For this tutorial I am using Backtrack 3, and will be removing my password on Windows 7 Professional.

Step 1. Restart your PC with the Backtrack disc in your drive and boot from the CD/DVD. You don't have to do anything once the bootup process starts. It will take about 2-4 minutes depending on your hardware setup. Once you get to your Desktop we are ready to begin. The Desktop will look like this:

[Image: 9s42sg.jpg]

Step 2. The first thing we need to do is find out what Backtrack has labeled your C: drive as. So click on the K button, which looks like this:
[Image: 350t1e9.jpg]
(From now on I will refer to this as the start button for all you Windows fans.) From the start menu go to System > System Information > Partitions. Find your C: drive (which will be labeled as NTFS) and look under the mount point category. Mine is labeled as /mnt/sda1.

[Image: 10s7r00.jpg]

This can also be labeled as hda1, hda0, sda0 or any other combination. It's important that you know this for later on, so make a note of it.

Step 3. Click on the start button. Go to the Backtrack Folder > Privilege Escalation > Password Attacks > chntpw. This will bring up a command line interface.

[Image: 10ydgsn.jpg]

Step 4. At the bt chntpw# prompt type the following command and press enter.
Code:
 chntpw -i /mnt/sda1/Windows/System32/config/SAM
You will now get some options, and it will look like this:

[Image: 2lnz22q.jpg]

You must note that this command is very case sensitive.
Code:
 chntpw -i /mnt/sda1/Windows/System32/config/SAM
You need caps and lower case where required. If you're unsure of the spelling in the path name, click on the 3rd button on the task bar. It looks like this:
[Image: 17fxgy.jpg]
This is called Konqueror and is equal to Windows Explorer. Browse through Windows/System32/config/SAM and make sure you get the spelling perfect, otherwise the command will not work. XP, Vista and 7 are all different, so I recommend you do this just to ensure you have no errors.

[Image: 34g4hn9.jpg]


Step 5. We want to Edit user data and passwords, so press 1 and hit enter.

[Image: 1j4to4.jpg]


Step 6. Type the name of the user whose password you want to remove (preferably an administrator account) and press enter. For this tutorial I will use my Windows account.

[Image: zml6vm.jpg]


Step 7. We now want to Clear (blank) user password. Press 1 and hit enter.

[Image: 1zz553k.jpg]

Step 8. You should get a "Password cleared!" message.

[Image: 30wunwj.jpg]

(YES!!!) :shoot:

Step 9. These next couple of steps are very important. We now need to make sure that the account is not locked out.

Step 10. Type the same user name as you did in step 6 and press enter.

Step 11. Now we need to Unlock and enable user account, so type 4 and press enter.

[Image: 3532puu.jpg]

Step 12. You should get the message "Unlocked!"

[Image: kbqbv8.jpg]

Step 13. Now we are pretty much done. We just need to quit and save, so type ! and press enter.

Step 14. Type q and press enter.

[Image: 350ornl.jpg]

Step 15. Type y to Write hive files and press enter.

[Image: n1qr11.jpg]

Step 16. Done!! YEAH!!! You can now restart your computer and boot up to Windows. (Go to start > logout > restart.) If you only have one user account it should automatically log you in. But if it doesn't, all you will have to do is click on your username and no password will be required. Note that when you restart, your CD/DVD drive will automatically eject your live CD/DVD media.

If you have any questions feel free to leave a comment and I will answer it to the best of my ability. But once you do this a couple of times it will take you less than 10 minutes to accomplish this task. :beer: Thanks for reading!! :beer:
 