chntpw - utility to overwrite Windows NT/2000 SAM passwords
chntpw [options] <samfile> [systemfile] [securityfile] [otherreghive]
This manual page documents briefly the chntpw command. This manual
page was written for the Debian distribution because the original
program does not have a manual page.
chntpw is a utility to view some information and change user passwords
in a Windows NT/2000 SAM userdatabase file, usually located at
\WINDOWS\system32\config\SAM on the Windows file system. It is not
necessary to know the old passwords to reset them. In addition it
contains a simple registry editor (same size data writes) and hex-
editor with which the information contained in a registry file can be
browsed and modified.
-h Show summary of options.
Username to change. Default is Administrator
-l List all users in the SAM database.
-i Interactive: list all users (as per -l) and then ask for the
user to change.
-e Registry editor with limited capabilities.
-d Use buffer debugger.
-t Show hexdumps of structs/segments (deprecated debug function).
ntfs-3g /dev/sda1 /media/win ; cd /media/win/WINDOWS/system32/config/
Mount the Windows file system and enters the directory
\WINDOWS\system32\config where Windows stores the SAM database.
chntpw SAM system
Opens registry hives SAM and system and change administrator
account. This will work even if the name has been changed or it
has been localized (since different language versions of NT use
different administrator names).
chntpw -l SAM
Lists the users defined in the SAM registry file.
chntpw -u jabbathehutt SAM
Prompts for password for jabbathehutt and changes it in the SAM
registry file, if found (otherwise do nothing).
If you are looking for an automated procedure for password recovery,
you might look at the bootdisks provided by the upstream author at
There is more information on how this program works available at
/usr/share/doc/chntpw registry works.
This manual page was written by Javier Fernandez-Sanguino
<firstname.lastname@example.org>, for the Debian GNU/Linux system (but may be used by
13th March 2010