
Sunday, 13 November 2011

Guide to Using Offline NT Password

Below is a guide to resetting the Windows Admin password with the Offline NT Password utility, booting from CD; it was tested on Windows Vista. Before trying this, make sure the boot CD contains the Offline NT Password utility and set the CD/RW drive as the first boot device in the BIOS. If you are not familiar with the BIOS, try pressing F8 repeatedly during the initial loading screen (ESC, F12 or F11 on some computers), then choose to boot from CD.

If it works, you will see a stream of output like the following:

  ISOLINUX 3.51 2007-06-10  Copyright (C) 1994-2007 H. Peter Anvin


  ***************************************************************************
  *                                                                         *
  *  Windows NT/2k/XP/Vista Change Password / Registry Editor / Boot CD     *
  *                                                                         *
  *  (c) 1998-2007 Petter Nordahl-Hagen. Distributed under GNU GPL v2       *
  *                                                                         *
  * DISCLAIMER: THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTIES!          *
  *             THE AUTHOR CAN NOT BE HELD RESPONSIBLE FOR ANY DAMAGE       *
  *             CAUSED BY THE (MIS)USE OF THIS SOFTWARE                     *
  *                                                                         *
  * More info at: http://pogostick.net/~pnh/ntpasswd/                       *
  * Email       : pnh@pogostick.net                                         *
  *                                                                         *
  * CD build date: Sun Sep 23 14:15:35 CEST 2007                            *
  ***************************************************************************

  Press enter to boot, or give linux kernel boot options first if needed.
  Some that I have to use once in a while:
  boot nousb          - to turn off USB if not used and it causes problems
  boot irqpoll        - if some drivers hang with irq problem messages
  boot nodrivers      - skip automatic disk driver loading

  boot: 
 
  Loading vmlinuz..................
  Loading scsi.cgz.........................

  Loading initrd.cgz..........
  Ready.
  Linux version 2.6.22.6 (root@athene) (gcc version 4.1.1 20060724 (prerelease) (4.1.1-3mdk)) #2 Sun Sep 9 16:59:48 CEST 2007
  BIOS-provided physical RAM map:
   BIOS-e820: 0000000000000000 - 000000000009f800 (usable)
   BIOS-e820: 000000000009f800 - 00000000000a0000 (reserved)
   BIOS-e820: 00000000000ca000 - 00000000000cc000 (reserved)
   BIOS-e820: 00000000000dc000 - 0000000000100000 (reserved)
   BIOS-e820: 0000000000100000 - 00000000316f0000 (usable)
   BIOS-e820: 00000000316f0000 - 00000000316ff000 (ACPI data)
   BIOS-e820: 00000000316ff000 - 0000000031700000 (ACPI NVS)
   BIOS-e820: 0000000031700000 - 0000000031800000 (usable)
   BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved)
   BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
   BIOS-e820: 00000000fffe0000 - 0000000100000000 (reserved)
  792MB LOWMEM available.
  Zone PFN ranges:
    DMA             0 ->     4096
    Normal       4096 ->   202752
  early_node_map[1] active PFN ranges

 ...

  Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing enabled
  serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
  Floppy drive(s): fd0 is 1.44M
  FDC 0 is a post-1991 82077
  RAMDISK driver initialized: 16 RAM disks of 32000K size 1024 blocksize
  USB Universal Host Controller Interface driver v3.0
  Initializing USB Mass Storage driver...
  usbcore: registered new interface driver usb-storage
  USB Mass Storage support registered.
  serio: i8042 KBD port at 0x60,0x64 irq 1
  serio: i8042 AUX port at 0x60,0x64 irq 12
  usbcore: registered new interface driver usbhid
  drivers/hid/usbhid/hid-core.c: v2.6:USB HID core driver
  Using IPI Shortcut mode
  BIOS EDD facility v0.16 2004-Jun-25, 1 devices found
  Freeing unused kernel memory: 144k freed
  Booting ntpasswd
  Mounting: proc sys
  Ramdisk setup complete, stage separation..
  In stage 2
  Spawning shells on console 2 - 6
  Initialization complete!

  ** Preparing driver modules to dir /lib/modules/2.6.22.6
  input: AT Translated Set 2 keyboard as /class/input/input0

Here the disk drivers are loaded; if you are using a floppy disk you will be asked to swap disks.
  ** Will now try to auto-load relevant drivers based on PCI information

  ---- AUTO DISK DRIVER select ----
  --- PROBE FOUND THE FOLLOWING DRIVERS:
  ata_piix
  ata_generic
  mptspi
  --- TRYING TO LOAD THE DRIVERS
  ### Loading ata_piix
  scsi0 : ata_piix
  scsi1 : ata_piix
  ata1: PATA max UDMA/33 cmd 0x000101f0 ctl 0x000103f6 bmdma 0x00011050 irq 14
  ata2: PATA max UDMA/33 cmd 0x00010170 ctl 0x00010376 bmdma 0x00011058 irq 15
  ata2.00: ATAPI: VMware Virtual IDE CDROM Drive, 00000001, max UDMA/33
  ata2.00: configured for UDMA/33
  scsi 1:0:0:0: CD-ROM            NECVMWar VMware IDE CDR10 1.00 PQ: 0 ANSI: 5
  sr0: scsi3-mmc drive: 1x/1x xa/form2 cdda tray
  Uniform CD-ROM driver Revision: 3.20

  ### Loading ata_generic

  ### Loading mptspi
  Fusion MPT base driver 3.04.04
  Copyright (c) 1999-2007 LSI Logic Corporation
  Fusion MPT SPI Host driver 3.04.04
  PCI: Found IRQ 9 for device 0000:00:10.0
  mptbase: Initiating ioc0 bringup
  ioc0: 53C1030: Capabilities={Initiator}
  scsi2 : ioc0: LSI53C1030, FwRev=01032920h, Ports=1, MaxQ=128, IRQ=9
  scsi 2:0:0:0: Direct-Access     VMware,  VMware Virtual S 1.0  PQ: 0 ANSI: 2
   target2:0:0: Beginning Domain Validation
   target2:0:0: Domain Validation skipping write tests
   target2:0:0: Ending Domain Validation
   target2:0:0: FAST-40 WIDE SCSI 80.0 MB/s ST (25 ns, offset 127)
  sd 2:0:0:0: [sda] 83886080 512-byte hardware sectors (42950 MB)
  sd 2:0:0:0: [sda] Write Protect is off
  sd 2:0:0:0: [sda] Cache data unavailable
  sd 2:0:0:0: [sda] Assuming drive cache: write through
  sd 2:0:0:0: [sda] 83886080 512-byte hardware sectors (42950 MB)
  sd 2:0:0:0: [sda] Write Protect is off
  sd 2:0:0:0: [sda] Cache data unavailable
  sd 2:0:0:0: [sda] Assuming drive cache: write through
   sda: sda1
  sd 2:0:0:0: [sda] Attached SCSI disk

Here the brand, model and size of the disks that were found are shown.
  -------------------------------------------------------------
  Driver load done, if none loaded, you may try manual instead.
  -------------------------------------------------------------


  ** If no disk show up, you may have to try again (d option) or manual (m).

  *************************************************************************
  * Windows Registry Edit Utility Floppy / chntpw                         *
  * (c) 1997 - 2007 Petter N Hagen - pnh@pogostick.net                    *
  * GNU GPL v2 license, see files on CD                                   *
  *                                                                       *
  * This utility will enable you to change or blank the password of       *
  * any user (incl. administrator) on an Windows NT/2k/XP/Vista           *
  * WITHOUT knowing the old password.                                     *
  * Unlocking locked/disabled accounts also supported.                    *
  *                                                                       *
  * It also has a registry editor, and there is now support for           *
  * adding and deleting keys and values.                                  *
  *                                                                       *
  * Tested on: NT3.51 & NT4: Workstation, Server, PDC.                    *
  *            Win2k Prof & Server to SP4. Cannot change AD.              *
  *            XP Home & Prof: up to SP2                                  *
  *            Win 2003 Server (cannot change AD passwords)               *
  *            Vista 32 and 64 bit                                        *
  *                                                                       *
  * HINT: If things scroll by too fast, press SHIFT-PGUP/PGDOWN ...       *
  *************************************************************************

  =========================================================
  There are several steps to go through:
  - Disk select with optional loading of disk drivers
  - PATH select, where are the Windows systems files stored
  - File-select, what parts of registry we need
  - Then finally the password change or registry edit itself
  - If changes were made, write them back to disk

  DON'T PANIC! Usually the defaults are OK, just press enter
               all the way through the questions

  =========================================================
  ¤ Step ONE: Select disk where the Windows installation is
  =========================================================

  Disks:
  Disk /dev/sda: 42.9 GB, 42949672960 bytes

  Candidate Windows partitions found:
   1 :        /dev/sda1   40958MB BOOT

Here 1 disk with 1 partition was found.
  Please select partition by number or
   q = quit
   d = automatically start disk drivers
   m = manually select disk drivers to load
   f = fetch additional drivers from floppy / usb
   a = show all partitions found
   l = show propbable Windows (NTFS) partitions only
  Select: [1]

Here you select one of the partitions listed above (in this case there is only one) or one of the letters from the menu.
  Selected 1

  Mounting from /dev/sda1, with filesystem type NTFS

  NTFS volume version 3.1.

The filesystem is NTFS, and the mount succeeded.
  =========================================================
  ¤ Step TWO: Select PATH and registry files
  =========================================================
  What is the path to the registry directory? (relative to windows disk)
  [WINDOWS/system32/config] :

Just type WINDOWS/system32/config and press enter.
  -rw-------    2 0        0          262144 Feb 28  2007 BCD-Template
  -rw-------    2 0        0         6815744 Sep 23 12:33 COMPONENTS
  -rw-------    1 0        0          262144 Sep 23 12:33 DEFAULT
  drwx------    1 0        0               0 Nov  2  2006 Journal
  drwx------    1 0        0            8192 Sep 23 12:33 RegBack
  -rw-------    1 0        0          524288 Sep 23 12:33 SAM
  -rw-------    1 0        0          262144 Sep 23 12:33 SECURITY
  -rw-------    1 0        0        15728640 Sep 23 12:33 SOFTWARE
  -rw-------    1 0        0         9175040 Sep 23 12:33 SYSTEM
  drwx------    1 0        0            4096 Nov  2  2006 TxR
  drwx------    1 0        0            4096 Feb 27  2007 systemprofile

  Select which part of registry to load, use predefined choices
  or list the files with space as delimiter
  1 - Password reset [sam system security]
  2 - RecoveryConsole parameters [software]
  q - quit - return to previous
  [1] :

Choose 1.


  Selected files: sam system security
  Copying sam system security to /tmp

  =========================================================
  ¤ Step THREE: Password or registry edit
  =========================================================
  chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
  Hive  name (from header): <\SystemRoot\System32\Config\SAM>
  ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  Page at 0x44000 is not 'hbin', assuming file contains garbage at end
  File size 524288 [80000] bytes, containing 11 pages (+ 1 headerpage)
  Used for data: 288/250904 blocks/bytes, unused: 15/23176 blocks/bytes.

  Hive  name (from header): <SYSTEM>

  ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c <lh>
  Page at 0x8b4000 is not 'hbin', assuming file contains garbage at end
  File size 9175040 [8c0000] bytes, containing 2117 pages (+ 1 headerpage)
  Used for data: 96982/6224016 blocks/bytes, unused: 4381/2830032 blocks/bytes.

  Hive  name (from header): <emRoot\System32\Config\SECURITY>
  ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
  Page at 0x6000 is not 'hbin', assuming file contains garbage at end
  File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
  Used for data: 334/17312 blocks/bytes, unused: 7/3008 blocks/bytes.


  * SAM policy limits:
  Failed logins before lockout is: 0
  Minimum password length        : 0
  Password history count         : 0


  ======== chntpw Main Interactive Menu ========

  Loaded hives: <sam> <system> <security>

    1 - Edit user data and passwords
    2 - Syskey status & change
    3 - RecoveryConsole settings
        - - -
    9 - Registry editor, now with full write support!
    q - Quit (you will be asked if there is something to save)


  What to do? [1] ->

Choose 1 to edit passwords.

  ===== chntpw Edit User Info & Passwords ====

  | RID -|---------- Username ------------| Admin? |- Lock? --|
  | 03e8 | admin                          | ADMIN  |          |
  | 01f4 | Administrator                  | ADMIN  | dis/lock |
  | 03ec | grumf1                         |        |          |
  | 03ed | grumf2                         |        |          |
  | 03ee | grumf3                         |        |          |
  | 01f5 | Guest                          |        | dis/lock |
  | 03ea | jalla1                         | ADMIN  | *BLANK*  |
  | 03eb | jalla2                         |        | *BLANK*  |
  | 03e9 | petro                          | ADMIN  | *BLANK*  |


This is the list of all local users on your Windows machine. You may see more users here.
Users marked "ADMIN" are members of the administrators group, which means they have admin rights; if you can log in as one of them, you can control Windows.
By default the Administrator account always has RID 01f4. The target here, however, is admin, RID 03e8.
The "Lock?" column shows whether the user account is disabled or locked, or BLANK if its password is empty.
We select the "admin" user.
  Select: ! - quit, . - list users, 0x - User with RID (hex)
  or simply enter the username to change: [Administrator] admin

  RID     : 1000 [03e8]
  Username: admin
  fullname:
  comment :
  homedir :

  User is member of 1 groups:
  00000220 = Administrators (which has 4 members)

  Account bits: 0x0214 =
  [ ] Disabled        | [ ] Homedir req.    | [X] Passwd not req. |
  [ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
  [ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
  [X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
  [ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  |

  Failed login count: 0, while max tries is: 0
  Total  login count: 3

  - - - - User Edit Menu:
   1 - Clear (blank) user password
   2 - Edit (set new) user password (careful with this on XP or Vista)
   3 - Promote user (make user an administrator)
  (4 - Unlock and enable user account) [seems unlocked already]
   q - Quit editing user, back to user select
  Select: [q] > 1
  Password cleared!

Here we reset/clear/blank the password.
You can also try to set a new password with option 2, but it only works if the password is not blank. It also often fails on Win XP and newer systems.
Number 3 puts a non-admin user into the administrators (220) group, thus making the user an administrator.
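
For reading the user list and the "Account bits" line above during a local-account audit, here is an added example (not part of the original post and not chntpw code): it parses the table chntpw printed and decodes the 0x0214 flag word. The function names are this example's own, and the bit values are the standard ACB_* assignments.

```python
import re

# ACB_* account-control bits, labelled the way chntpw prints them.
ACB_FLAGS = [
    (0x0001, "Disabled"), (0x0002, "Homedir req."), (0x0004, "Passwd not req."),
    (0x0008, "Temp. duplicate"), (0x0010, "Normal account"), (0x0020, "NMS account"),
    (0x0040, "Domain trust ac"), (0x0080, "Wks trust act."), (0x0100, "Srv trust act"),
    (0x0200, "Pwd don't expir"), (0x0400, "Auto lockout"),
]

# User list copied from the chntpw output shown in this walkthrough.
USER_TABLE = """
  | RID -|---------- Username ------------| Admin? |- Lock? --|
  | 03e8 | admin                          | ADMIN  |          |
  | 01f4 | Administrator                  | ADMIN  | dis/lock |
  | 03ec | grumf1                         |        |          |
  | 01f5 | Guest                          |        | dis/lock |
  | 03ea | jalla1                         | ADMIN  | *BLANK*  |
  | 03eb | jalla2                         |        | *BLANK*  |
  | 03e9 | petro                          | ADMIN  | *BLANK*  |
"""

# One data row: | 4 hex digits | username | ADMIN or empty | lock column |
ROW = re.compile(r"^\s*\|\s*([0-9a-fA-F]{4})\s*\|\s*(.*?)\s*\|\s*(ADMIN)?\s*\|\s*(.*?)\s*\|\s*$")

def decode_acb(bits):
    """Return the names of the account bits set in a flag word such as 0x0214."""
    return [name for mask, name in ACB_FLAGS if bits & mask]

def parse_user_table(text):
    """Turn chntpw's user table into dicts; the header row does not match ROW."""
    users = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rid, name, admin, lock = m.groups()
            users.append({"rid": int(rid, 16), "name": name, "admin": admin is not None,
                          "blank": lock == "*BLANK*", "disabled": lock == "dis/lock"})
    return users

def audit(users):
    """List accounts with an empty password, administrators first."""
    found = [(u["name"], "administrator with blank password" if u["admin"]
              else "blank password") for u in users if u["blank"]]
    return sorted(found, key=lambda f: f[1] != "administrator with blank password")

if __name__ == "__main__":
    for name, issue in audit(parse_user_table(USER_TABLE)):
        print(f"{name}: {issue}")
    print("0x0214 =", ", ".join(decode_acb(0x0214)))
```
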

  Select: ! - quit, . - list users, 0x - User with RID (hex)
  or simply enter the username to change: [Administrator] !


  ======== chntpw Main Interactive Menu ========

  Loaded hives: <sam> <system> <security>

    1 - Edit user data and passwords
    2 - Syskey status & change
    3 - RecoveryConsole settings
        - - -
    9 - Registry editor, now with full write support!
    q - Quit (you will be asked if there is something to save)


  What to do? [1] -> q

  Hives that have changed:
   #  Name
   0   - OK

  =========================================================
  ¤ Step FOUR: Writing back changes
  =========================================================
  About to write file(s) back! Do it? [n] : y

Answer y. If in doubt, answer n!
  Writing  sam


  ***** EDIT COMPLETE *****

  You can try again if it somehow failed, or you selected wrong
  New run? [n] : n
  =========================================================

  * end of scripts.. returning to the shell..
  * Press CTRL-ALT-DEL to reboot now (remove floppy first)
  * or do whatever you want from the shell..
  * However, if you mount something, remember to umount before reboot
  * You may also restart the script procedure with 'sh /scripts/main.sh'

  (Please ignore the message about job control, it is not relevant)


  BusyBox v1.1.0-pre1 (2005.12.30-19:45+0000) Built-in shell (ash)
  Enter 'help' for a list of built-in commands.

  sh: can't access tty; job control turned off
Press CTRL-ALT-DEL to reboot ...

Good luck ....