chntpw

This tool provides a way to edit user passwords in Windows SAM files by overwriting them, making old passwords unnecessary. It supports both 32 and 64-bit Windows from NT3.x to Win8.1 and includes utilities for registry editing, password resets, user unlocking, and group management in SAM databases. Users can be specified by username or RID in hex format.

Use cases include offline password recovery from Windows systems, such as during forensic investigations or when booting from GNU/Linux disks with extracted SAM, SYSTEM, SECURITY files. The package also offers specialized tools like reged for registry hive export/import/editing, sampasswd for batch password resets, samunlock for unlocking accounts, and samusrgrp for adding/removing users from groups.

Note that the program is described as somewhat hackish, and users proceed at their own risk. It can be added to custom GNU/Linux bootdisks for offline recovery, with source/binary under GPL v2 license.

chntpw directly parses and modifies Windows SAM files (user database), SYSTEM, SECURITY, and other registry hives by overwriting password hashes, editing registry values with size-preserving writes, and using hex-editing for low-level bit/byte manipulation. It handles NTLM hash structures across Windows versions, supports interactive menus or scripted operations, and logs changes to /tmp/changed. Related tools like reged manage registry exports/imports with prefix paths like HKEY_LOCAL_MACHINE\SOFTWARE, while sampasswd/samunlock/samusrgrp target specific SAM operations like RID-based resets or group SID modifications.