312-50V10 · Question #6
You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, y
The correct answer is C. CHNTPW. When physical access to a Windows system is available and the password is unknown, a live Linux environment can be used to directly manipulate the Windows SAM database. CHNTPW is the tool designed for exactly this purpose.
Question
You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user's password or activate disabled Windows accounts?
Options
- AJohn the Ripper
- BSET
- CCHNTPW
- DCain & Abel
How the community answered
(26 responses)- A8% (2)
- B4% (1)
- C88% (23)
Why each option
When physical access to a Windows system is available and the password is unknown, a live Linux environment can be used to directly manipulate the Windows SAM database. CHNTPW is the tool designed for exactly this purpose.
John the Ripper is a password cracking tool that attempts to recover passwords through brute-force or dictionary attacks on password hashes - it does not directly modify or reset account passwords.
SET (Social Engineering Toolkit) is a framework for performing social engineering attacks such as phishing and credential harvesting, and has no capability to modify Windows account databases.
CHNTPW (Change NT Password) is an offline Linux-based utility that directly edits the Windows SAM (Security Account Manager) registry hive, allowing a user to reset or blank any local account password and re-enable disabled or locked accounts without knowing the original password. Booting from a LiveCD like Ubuntu provides full access to the NTFS filesystem where the SAM file resides, making this attack possible without any network access or OS login.
Cain and Abel is a Windows-based password recovery and network sniffing tool that runs within a live Windows OS session, making it unusable from a Linux LiveCD to modify offline Windows accounts.
Concept tested: Offline Windows password reset using CHNTPW
Source: https://docs.kali.org/tools/chntpw
Topics
Community Discussion
No community discussion yet for this question.