How to Reset Windows Password Using BackTrack

Hello all users, in today's we'd like to share a very simple and eagyhack for resetting your the lost Windows password using BackTrack & Chntpw tool, so let me get straight to the point without beating around the bush.

Windows stores the login password hashes (lm/ntlm format) in the registry hive files named 'SYSTEM' and 'SAM' at following location

C:\Windows\System32\Config

These files are highly protected and not accessible while Windows is running even for the administrator user. However hackers have found a way to circumvent these protections and access these system files.

Level : Expert

Follow the steps below for  resetting your widow password :

  1.  First of all Boot the system using BackTrack
  2.  Identify and mount your Windows partition in read/write mode using below steps
  3.  umount /mnt/hda1
  4.  modprobe fuse
  5.  ntfsmount /dev/hda1 /mnt/hda1
  6.  Now go to Windows\System folder in that partition
  7.  cd /mnt/hda1/windows/system32/config
  8.  Now list users => chntpw –l SAM
  9.  Reset the password for specific user
 10. chntpw –u username SAM

Next type * when asked to enter new password

Now login to Windows with that username & blank password

If your hard disk is SATA type then you need to use /sda1 instead of /hda1 in the above steps.

Resetting lost windows password is quickest way to get access to your system. However it will make encrypted volumes/DPAPI protected passwords inaccessible. So you have to decide wisely before you go with resetting windows password.

Enjoy.......