.
выводит все учетные записи (включая админа) присутствующие на данном компе, параметр
позволяет работать с конкретной учетной записью. Таким образом, если допустим в ОС Windows 7 запаролена единственная учетка с админскими правами
, то сброс пароля проходит по такой схеме: после того как диск с Trinity Riscue Kit 3.4 прогрузится и появится командная строка, вводим команду. Смотри пример ниже:
Вот таким цветом выделены команды вводимые с клавиатуры
[root@trk]: (~)#
winpass -u "IVAN" Searching and mounting all filesystems on local machine
Remounting NTFS partitions with ntfs-3g
Result of mounting:
/dev/hda1 on /hda1 type fuseblk (rw,allow_other,blksize=4096)
Windows NT/2K/XP installation(s) found in:
1: /hda1/WINDOWS
Make your choice or 'q' to quit [1]:
1 Ok, continue
chntpw version 0.99.6 080526 (sixtyfour), © Petter N Hagen
Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
Page at 0x8000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 7 pages (+ 1 headerpage)
Used for data: 317/24808 blocks/bytes, unused: 6/3640 blocks/bytes.
Hive <SECURITY> name (from header):
<\SystemRoot\System32\Config\SECURITY>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
Page at 0x10000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 15 pages (+ 1 headerpage)
Used for data: 1108/53920 blocks/bytes, unused: 11/7040 blocks/bytes.
* SAM policy limits:
Failed logins before lockout is: 3
Minimum password length : 7
Password history count : 7
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator | ADMIN | |
| 03eb | ASPNET | ADMIN | |
| 01f5 | Guest | ADMIN | dis/lock |
| 03e8 | HelpAssistant | | dis/lock |
| 03f0 | John Doe | ADMIN | |
| 03ea | SUPPORT_388945a0 | | dis/lock |
---------------------> SYSKEY CHECK <-----------------------
SYSTEM SecureBoot : -1 -> Not Set (not installed, good!)
SAM Account\F : 1 -> key-in-registry
SECURITY PolSecretEncryptionKey: 1 -> key-in-registry
Syskey not installed!
RID : 1008 [03f0]
Username: John Doe
fullname: John Doe
comment :
homedir :
User is member of 2 groups:
00000221 = Users (which has 4 members)
00000220 = Administrators (which has 7 members)
Account bits: 0x0010 =
[ ] Disabled | [ ] Homedir req. | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[ ] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |
[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |
Failed login count: 0, while max tries is: 3
Total login count: 0
- - - - User Edit Menu:
1-Clear(blank)userpassword
2-Edit(setnew)userpassword(carefulwiththisonXPorVista)
3-Promoteuser(makeuseranadministrator)
(4 - Unlock and enable user account) [seems unlocked already]
q-Quiteditinguser,backtouserselect
Select: [q] >
1 Password cleared! Hives that have changed:
#Name
0<SAM>-OK
Backup file already exists. Not touching this file. Please be aware that 'winpass --restore' would restore the very original file from before winpass was ever run
Writing /hda1/WINDOWS/system32/config/SAM
[root@trk]
~)#
На этом всё, пароль сброшен и вход в Windows 7 пройдет без его запроса.