chntpw

List all users in the SAM file

$ chntpw -l [path/to/sam_file]

$ chntpw -u [username] [path/to/sam_file]

$ chntpw -i [path/to/sam_file]

chntpw [options] [system file]

-u
    Specify a username to target. If not specified, it lists all users.

-i
    Interactive menu mode, allowing selection of multiple options for a specific user.

-l
    List all users in the SAM database.

-e
    Registry editor mode. Allows editing of the registry (advanced use).

-d
    Show more info and ask for what to do with each user found.

-p
    Set a new password for the specified user. This is insecure and not recommended.

-q
    Quiet mode (less verbose output).

-v
    Verbose mode (more detailed output).

-h
    Display help information.


    Path to the Windows SAM database file (usually located in C:\Windows\System32\config).

[system file]
    Path to the Windows SYSTEM file (usually located in C:\Windows\System32\config). Required for some operations, especially registry editing.

chntpw is a utility for viewing and resetting user passwords in Windows NT/2000/XP/Vista/7/8/10/11 systems.
It works by directly accessing and modifying the SAM (Security Account Manager) database file on the Windows system's hard drive. It allows you to blank passwords, unlock disabled accounts, and promote users to administrator privileges. Note: This tool should be used responsibly and ethically. Modifying system files without proper authorization is illegal and potentially damaging.
It's primarily designed for situations where you've lost or forgotten your Windows password and need to regain access to your system without reinstalling the OS. Be extremely careful using it, as incorrect usage can cause irreparable damage to your Windows installation. Always back up your SAM file before making changes.

chntpw modifies the SAM file directly, which can cause system instability or data loss if used incorrectly. Always back up the SAM file before making any changes. Also, be aware that using chntpw on a system you don't own or have permission to access is illegal and unethical.

The SAM file is typically located at: C:\Windows\System32\config\SAM.
Accessing it from a running Windows system is usually not possible due to file locking. You typically need to boot from a Linux Live CD/USB or mount the Windows partition in Linux to access the SAM file.

The SYSTEM file is located in the same directory as the SAM file. It contains encryption keys needed for certain operations.
If you get a error about the password being encrypted, you may need to include the SYSTEM file when calling chntpw.

Using chntpw without authorization is unethical and potentially illegal.
This tool is intended for legitimate password recovery and system administration purposes on systems you own or have explicit permission to access.

chntpw was originally developed by Petter Nordahl-Hagen. It has been actively maintained and updated over the years to support newer versions of Windows. It started as a tool for personal use but became a valuable resource for system administrators and security professionals dealing with password recovery and system maintenance. Its continued development is driven by the evolving security landscape of Windows operating systems.

strings(1), dd(1)