chntpw

List all users in the SAM file

$ chntpw -l [path/to/sam_file]

$ chntpw -u [username] [path/to/sam_file]

$ chntpw -i [path/to/sam_file]

chntpw [options] samfile [systemfile] [securityfile_]

chntpw is an offline Windows password and registry editor. It can reset local user passwords, promote users to administrator, unlock accounts, and edit the Windows registry directly.
The tool works by modifying the Windows SAM (Security Account Manager) database file while Windows is not running. This is typically done by booting from a Linux live CD.

-l

List users in the SAM file

Select user to edit

Interactive mode with menu

Registry editor mode

Write names of changed files to /tmp/changed

Requires offline access to the Windows partition. Cannot reset Microsoft account passwords (cloud accounts). BitLocker-encrypted drives must be decrypted first. Always backup the SAM file before modifications.

chntpw was created by Petter Nordahl-Hagen for recovering access to Windows systems. It has become a standard tool included in security-focused Linux distributions like Kali Linux.

reged(1), hivex(3)