chntpw

Reset or modify Windows account passwords

TLDR

List all users in the SAM file

$ chntpw -l [path/to/sam_file]

Edit user interactively

$ chntpw -u [username] [path/to/sam_file]

Use chntpw interactively

$ chntpw -i [path/to/sam_file]

SYNOPSIS

chntpw [-h] [-l] [-u user] [-i] [-v] SAM|SECURITY

-h
    Display help and exit

-l
    List users in SAM and exit

-u user
    Select specific user to edit (case-sensitive)

-i
    Interactive menu mode (default)

-v
    Verbose output

SAM|SECURITY
    Path to offline SAM or SECURITY hive file

DESCRIPTION

chntpw is a powerful utility for editing user accounts and passwords in Windows NT/2000/XP/Vista/7/8/10/11 Security Account Manager (SAM) databases from a Linux environment. It enables recovery of forgotten administrator passwords by mounting the Windows NTFS partition read-write and directly modifying the offline SYSTEM32/CONFIG/SAM and SECURITY hive files.

The tool provides an interactive menu to blank passwords, set new ones (in LM/NT hash or plain text where possible), unlock accounts, promote users to administrators, or edit registry values. It supports both local SAM files and domain trust accounts. Ideal for system rescue, it bypasses login screens without reinstalling Windows.

Usage typically involves booting from a Linux live USB (e.g., Ubuntu), mounting the partition with ntfs-3g, listing users with -l, then editing interactively. While effective, success depends on filesystem integrity and Windows version compatibility.

CAVEATS

Requires NTFS read-write mount (ntfs-3g); backup hives first to avoid corruption. Offline only—does not work on running Windows. Limited support for BitLocker-encrypted or Win11 secure hives. Interactive mode prompts for actions like blanking password (1), new password (2), admin promote (3), unlock (4).

chntpw

Reset or modify Windows account passwords

TLDR

SYNOPSIS

PARAMETERS

DESCRIPTION

CAVEATS

TYPICAL USAGE

INSTALLATION

HISTORY

SEE ALSO