Topic: NTPWEdit version 0.6 GPL

NTPWEdit version 0.6 GPL
« on: November 26, 2014, 02:23:19 AM »

ChrisR

  • Win7PE SE Baker
  • Grand Chef
  • *****
  • Date Registered: Mar 2011
  • Posts: 2809
NTPWEdit version 0.6 GPL is out  :great:

NTPWEdit is a password editor for Windows NT based systems (like Windows 2000, XP, Vista, 7, 8, 10); it can change or remove passwords for local system accounts. This program can NOT decrypt passwords or change domain and Active Directory passwords.

NTPWEdit changes passwords by directly modifying the file C:\WINDOWS\SYSTEM32\CONFIG\SAM. While it is running, the operating system blocks any access to this file, so the password editor must be executed from another Windows copy.

Quote
Version 0.5 - 25.11.2014:
 • Based on chntpw 140201;
 • OpenSSL libraries replaced by LibTomCrypt;
 • Fixed out of bounds access in hive array;
 • Fixed inconsistent definition of _WIN32_WINNT in dlglib.

Quote
Version 0.6 - 07.11.2016
 • Added hibernation warning message   - See Anshad Reply #8
 • Added simple automatic search for SAM file
 • Fixed false hive open error in ntreg.c

Plugin   * NTPWEdit_Plugin_v20.7z (403.52 kB - downloaded 1006 times.)

NTPWEdit version 0.6 GPL x86/x64 standalone   * ntpwed06.zip (159.71 kB - downloaded 1744 times.)

http://cdslow.org.ru/en/ntpwedit/
Thanks to Vadim Druzhin  :thumbsup:
« Last Edit: November 08, 2016, 05:29:34 AM by ChrisR, Reason: NTPWEdit version 0.6 »

Re: NTPWEdit version 0.5 GPL
« Reply #1 on: December 03, 2014, 01:36:24 AM »

LinhHonHuynhDe

  • Apprentice
  • *
  • Location: Việt Nam
  • Date Registered: Jun 2013
  • Posts: 6
Hi! ChrisR

I have found a lot but could not get the link.
Can you upload NTPWEdit 0.5 or not?

Thanks!

Re: NTPWEdit version 0.5 GPL
« Reply #2 on: December 03, 2014, 04:56:59 AM »

ChrisR

  • Win7PE SE Baker
  • Grand Chef
  • *****
  • Date Registered: Mar 2011
  • Posts: 2809

Re: NTPWEdit version 0.5 GPL
« Reply #3 on: December 03, 2014, 05:41:44 PM »

LinhHonHuynhDe

  • Apprentice
  • *
  • Location: Việt Nam
  • Date Registered: Jun 2013
  • Posts: 6
Hi!

http://cdslow.webhost.ru

This webpage is not available


Re: NTPWEdit version 0.5 GPL
« Reply #4 on: December 03, 2014, 09:58:06 PM »

ChrisR

  • Win7PE SE Baker
  • Grand Chef
  • *****
  • Date Registered: Mar 2011
  • Posts: 2809
Strange, no worries here  :confused:

Here it is
* ntpwed05.zip (158.19 kB - downloaded 7606 times.)

I also updated Gena's plugin
* NTPWEdit.7z (399.35 kB - downloaded 2388 times.)

Re: NTPWEdit version 0.5 GPL
« Reply #5 on: December 05, 2014, 04:15:15 PM »

LinhHonHuynhDe

  • Apprentice
  • *
  • Location: Việt Nam
  • Date Registered: Jun 2013
  • Posts: 6

Thank you ChrisR !

I have successfully downloaded.

 :great:

Re: NTPWEdit version 0.5 GPL
« Reply #6 on: December 18, 2014, 12:09:35 PM »

kman1523

  • Jr. Chef
  • **
  • Date Registered: Dec 2014
  • Posts: 13
Looks great. Thanks  :thumbsup:

Re: NTPWEdit version 0.5 GPL
« Reply #7 on: January 06, 2015, 07:21:23 PM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 6935
Here it is
I also updated Gena's plugin

Thanks Chris,
 on Gena Server  :thumbsup:

Re: NTPWEdit version 0.5 GPL
« Reply #8 on: January 09, 2015, 12:43:50 AM »

anshad

  • Chef
  • ***
  • Date Registered: Apr 2012
  • Posts: 323
Hi

I recently found that using "NTPWEdit" or any other password resetting tool to reset a user account password on "Windows 8.0/8.1" doesn't seem to always work. The symptoms include:

1. You reset a local user account from PE, reboot to Windows and then find that the account is still asking for a password.

2. You enable a disabled account from PE (i.e., the built-in "Administrator" account), reboot to Windows and find that the disabled account is not enabled/not present on the log on screen.


Cause:

It's the new "Fast Startup" feature which is behind these weird behaviors. "Fast Startup" will actually put Windows into a semi "hibernation" state to gain speed at the next power on.

Source : http://www.techrepublic.com/blog/windows-and-office/how-windows-8-hybrid-shutdown-fast-boot-feature-works/

Quote
The goal of Fast Boot is pretty obvious from its name - Windows 8 boots up faster than previous versions of the operating system ever did. To accomplish this feat, Windows 8 doesn't totally shut down when you click the Shut down command. Instead it only partially shuts down and partially hibernates. This is the Hybrid Shutdown part of the equation. Then, when you turn on your computer, Windows 8 starts very quickly because it only has to partially boot up and partially wake up. This is the Fast Boot part of the equation.

If you shut down Windows 8, boot into PE and edit the Registry or reset a password and reboot, Windows will actually resume its core components from the hibernation file instead of loading from disk. As a result, any changes you made from PE will be lost! Also, in some cases, editing NTFS while the system is in a hibernation state may result in system file corruption (I learned this the hard way). The good Linux guys found this first and, as a precaution, they decided to not mount NTFS if hibernation (either full or semi like "fast startup") is detected.

Source : https://kamalkaur188.wordpress.com/category/unable-to-mount-windows-ntfs-filesystem-due-to-hibernation/
 

Quote

Making changes to your Windows (ntfs) partition while it is hibernated could be dangerous--it could cause Windows to not resume from hibernation or to crash after resuming. Because of this, the tool (ntfs-3g) that mounts (opens) the partition will not mount it in read-write mode if it sees a hibernation flag.

Source : http://www.h-online.com/open/features/Linux-and-Windows-8-Fast-Startup-puts-data-at-risk-1780640.html

Quote
In tests, the problem was easily reproduced by shutting down a freshly installed Windows 8 system from the menu and then creating a few files on the Windows partitions from within a Linux distribution. After a subsequent system start, the new files did not appear in Windows. After unmounting and remounting the test partitions, and after rebooting Windows using the Windows restart feature, the files became visible but were often unreadable or corrupted. Edited files were also often damaged. Although Windows managed to repair the test system's filesystems, it took over an hour to fix an NTFS partition of 1.5TB, and some of the files that were created or modified under Linux were lost in the process.



Solution:

If the "Windows 8" log in password needs to be changed or the Registry needs to be edited, first boot to Windows and restart normally from the log in screen (don't shut down - restart and immediately boot to PE).

This will clear the "fast startup" and then you can boot to your PE and edit password/registry or remove/add files from the "system drive". I would also recommend deleting "hiberfil.sys" from the root of the system drive as a safety precaution (don't do this with "Win7". The hibernation file may contain user mode data unlike "Win8"). "hiberfil.sys" will be recreated again the next time you shut down the system from within "Windows 8" and "fast startup" will be returned.


Btw, "fast startup" won't work with virtual machines. You need a real system for tests.

 
« Last Edit: January 09, 2015, 08:51:26 AM by anshad »
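
The precaution described in Reply #8 (do not edit an offline system drive while a hibernation image may still be resumed), as an added example that is not part of the original post and is not NTPWEdit's or ntfs-3g's own code. It assumes an active image starts with the signature `hibr`/`HIBR` and that a zeroed header means the image was already consumed; the function names and the sample directories are constructed for illustration.

```python
import os
import tempfile

# Assumption (not from the thread): an active hibernation image starts with
# "hibr"/"HIBR"; a header of all zero bytes means it was already consumed.
ACTIVE_MAGICS = (b"hibr", b"HIBR")
HEADER_SIZE = 4096


def find_hiberfile(volume_root):
    """Locate hiberfil.sys in the volume root, ignoring case."""
    for name in os.listdir(volume_root):
        if name.lower() == "hiberfil.sys":
            return os.path.join(volume_root, name)
    return None


def hibernation_state(volume_root):
    """Return 'absent', 'hibernated', 'cleared' or 'unknown'."""
    path = find_hiberfile(volume_root)
    if path is None:
        return "absent"
    with open(path, "rb") as fh:
        head = fh.read(HEADER_SIZE)
    if head[:4] in ACTIVE_MAGICS:
        return "hibernated"
    if head and not any(head):
        return "cleared"
    return "unknown"  # empty or unrecognised header


def safe_to_edit(volume_root):
    """Fail closed: allow edits only when no resumable image can exist."""
    return hibernation_state(volume_root) in ("absent", "cleared")


def constructed_volume(header):
    """Build a throwaway directory standing in for an offline system drive."""
    root = tempfile.mkdtemp(prefix="offline_vol_")
    if header is not None:
        with open(os.path.join(root, "hiberfil.sys"), "wb") as fh:
            fh.write(header)
    return root


if __name__ == "__main__":
    samples = {"after shutdown with fast startup": b"HIBR" + b"\x00" * 60,
               "after a normal restart": b"\x00" * 64,
               "no hibernation file": None}
    for label, header in samples.items():
        root = constructed_volume(header)
        print(label, "->", hibernation_state(root), safe_to_edit(root))
```

An unrecognised header is reported as `unknown` and treated as unsafe, so the check refuses edits rather than guessing.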

Re: NTPWEdit version 0.5 GPL
« Reply #9 on: January 09, 2015, 07:58:52 AM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 6935
Thanks anshad,

interesting findings,

I always thought deleting swapfile.sys and hiberfil.sys, and making further changes in the registry, would get things right
 (force Windows to do a normal boot, probably with a warning ;))
   what happens when the swapfile.sys file is deleted, I never tested....

I put a Big warning to NTPWEdit plugin interface  :smile: :thumbsup:

:turtle:

Re: NTPWEdit version 0.6 GPL
« Reply #10 on: November 08, 2016, 03:29:34 AM »

ChrisR

  • Win7PE SE Baker
  • Grand Chef
  • *****
  • Date Registered: Mar 2011
  • Posts: 2809
NTPWEdit version 0.6 GPL is out  :great:

Quote
Version 0.6 - 07.11.2016
  + added hibernation warning message   - See Anshad Reply #8
  + added simple automatic search for SAM file
  - fixed false hive open error in ntreg.c

Plugin and Standalone NTPWEdit v0.6 are on first post.

Thanks to Vadim Druzhin  :thumbsup:

Re: NTPWEdit version 0.6 GPL
« Reply #11 on: November 13, 2016, 10:36:44 PM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 6935
Thanks Chris,

Updated on server :thumbsup:
\Downloads\AppYGS\Security\Unlockers\'NTPWEdit'

with DU buttons   :wink:

:turtle:
« Last Edit: November 13, 2016, 10:58:59 PM by Lancelot »
