Something like this:

[root@trk]:(~)# winpass -l

Type “winpass -l” to to get a list of users then type “winpass -u 0x” replacing with a user’s hex value.

Something like this:

[root@trk]:(~)# winpass -l

…
0e3d | user name | ADMINISTRATOR
…

[root@trk]:(~)# winpass -u 0×0e3d

Hope this helps.

Hi,

How Enable Administrator With TRK 3.2

The account administrator is Dissable. I change the password but i need enable!.

How i do it with TRK 3.2?

You can do it with ‘winpass’

Howto enable Administrator account with TRK 3.2 Build 279:

Boot your TRK and type
Code:
winpass
in console and you see:

Quote:
Searching and mounting all filesystems on local machine
Windows NT/2K/XP installation(s) found in:
1: /hda1/WINDOWS
Make your choice or ‘q’ to quit [1]: Ok, continue

Enter
Code:
1
for the partition with the Windows installation

Then you see:

Quote:
chntpw version 0.99.3 040818, (c) Petter N Hagen
Hive’s name (from header):
ROOT KEY at offset: 0×001020 * Subkey indexing type is: 666c

File size 28672 [7000] bytes, containing 6 pages (+ 1 headerpage)
Used for data: 254/21120 blocks/bytes, unused: 8/3264 blocks/bytes.
Hive’s name (from header):
ROOT KEY at offset: 0×001020 * Subkey indexing type is: 666c
Page at 0xd000 is not ‘hbin’, assuming file contains garbage at end
File size 262144 [40000] bytes, containing 12 pages (+ 1 headerpage)
Used for data: 967/43880 blocks/bytes, unused: 4/4888 blocks/bytes.

* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length : 0
Password history count : 0
RID: 01f4, Username: , *disabled or locked*
RID: 03ed, Username:
RID: 03ec, Username: , *disabled or locked*
RID: 01f5, Username: , *disabled or locked*
RID: 03e8, Username: , *disabled or locked*
RID: 03ea, Username: , *disabled or locked*
RID: 03eb, Username:

———————> SYSKEY CHECK Not Set (not installed, good!)
SAM Account\F : 1 -> key-in-registry
SECURITY PolSecretEncryptionKey: 1 -> key-in-registry

***************** SYSKEY IS ENABLED! **************
This installation very likely has the syskey passwordhash-obfuscator installed
It’s currently in mode = -1, Unknown-mode
SYSKEY is on! However, DO NOT DISABLE IT UNLESS YOU HAVE TO!
This program can change passwords even if syskey is on, however
if you have lost the key-floppy or passphrase you can turn it off,
but please read the docs first!!!

** IF YOU DON’T KNOW WHAT SYSKEY IS YOU DO NOT NEED TO SWITCH IT OFF!**
NOTE: On WINDOWS 2000 it will not be possible
to turn it on again! (and other problems may also show..)

NOTE: Disabling syskey will invalidate ALL
passwords, requiring them to be reset. You should at least reset the
administrator password using this program, then the rest ought to be
done from NT.

Do you really wish to disable SYSKEY? (y/n) [n]

type
Code:
n
for the standard SYSKEY settings (only change the settings of SYSKEY if you know what you are doing)

The next message looks like:

Quote:
Username: Administrator
fullname:
comment : xxx
homedir :

Account bits: 0×0211 =
[X] Disabled | [ ] Homedir req. | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[X] Pwd don’t expir | [ ] Auto lockout | [ ] (unknown 0×08) |
[ ] (unknown 0×10) | [ ] (unknown 0×20) | [ ] (unknown 0×40) |

Failed login count: 0, while max tries is: 0
Total login count: 8
Account is disabled
Do you wish me to reset the failed count, unset disabled and lockout,
and set the “password never expires” option? (y/n) [n]

Type
Code:
y
to unlock the Administrator account

Quote:
Unlocked!
** LANMAN password not set. User MAY have a blank password.
** Usually safe to continue

* = blank the password (This may work better than setting a new password!)
Enter nothing to leave it unchanged
Please enter new password:

At this point push only the RETURN-Key if you don’t wanna change the password

The last message says:

Quote:
Nothing changed.

Hives that have changed:
# Name
0 – OK

Now the account is unlocked and you can type
Code:
reboot
to start your Windows XP and login as Administrator

Last edited by HIT_Hunter on Mon Apr 21, 2008 3:48 pm; edited 5 times in total
Back to top
View user’s profile Send private message
HIT_Hunter

Joined: 14 Aug 2007
Posts: 70
Location: Germany

PostPosted: Sun Mar 30, 2008 12:39 pm Post subject: Howto enable Administrator account with TRK 3.3 Build 310 Reply with quote
But it’s better to use TRK 3.3 Build 310

Howto enable Administrator account with TRK 3.3 Build 310:

Boot your TRK and type
Code:
winpass

in console and you see:

Quote:
Searching and mounting all filesystems on local machine
Remounting NTFS partitions with ntfs-3g
Result of mounting:
/dev/hda1 on /hda1 type fuseblk (rw,nosuid,nodev,noatime,allow_other,blksize=4096)
Windows NT/2K/XP installation(s) found in:
1: /hda1/WINDOWS
Make your choice or ‘q’ to quit [1]:

Enter
Code:
1
for the partition with the Windows installation

Then you see:

Quote:
Ok, continue
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
Hive name (from header):
ROOT KEY at offset: 0×001020 * Subkey indexing type is: 666c
File size 28672 [7000] bytes, containing 6 pages (+ 1 headerpage)
Used for data: 254/21120 blocks/bytes, unused: 8/3264 blocks/bytes.

Hive name (from header):
ROOT KEY at offset: 0×001020 * Subkey indexing type is: 666c
Page at 0xd000 is not ‘hbin’, assuming file contains garbage at end
File size 262144 [40000] bytes, containing 12 pages (+ 1 headerpage)
Used for data: 967/43880 blocks/bytes, unused: 4/4888 blocks/bytes.

* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length : 0
Password history count : 0
| RID -|———- Username ————| Admin? |- Lock? –|
| 01f4 | Administrator | ADMIN | dis/lock |
| 03ed | andre | ADMIN | |
| 03ec | ASPNET | | dis/lock |
| 01f5 | Gast | | dis/lock |
| 03e8 | Hilfeassistent | | dis/lock |
| 03ea | SUPPORT_388945a0 | | dis/lock |
| 03eb | user | ADMIN | |

———————> SYSKEY CHECK Not Set (not installed, good!)
SAM Account\F : 1 -> key-in-registry
SECURITY PolSecretEncryptionKey: 1 -> key-in-registry

***************** SYSKEY IS ENABLED! **************
This installation very likely has the syskey passwordhash-obfuscator installed
It’s currently in mode = -1, Unknown-mode
SYSKEY is on! However, DO NOT DISABLE IT UNLESS YOU HAVE TO!
This program can change passwords even if syskey is on, however
if you have lost the key-floppy or passphrase you can turn it off,
but please read the docs first!!!

** IF YOU DON’T KNOW WHAT SYSKEY IS YOU DO NOT NEED TO SWITCH IT OFF!**
NOTE: On WINDOWS 2000 it will not be possible
to turn it on again! (and other problems may also show..)

NOTE: Disabling syskey will invalidate ALL
passwords, requiring them to be reset. You should at least reset the
administrator password using this program, then the rest ought to be
done from NT.

Do you really wish to disable SYSKEY? (y/n) [n]

type
Code:
n
for the standard SYSKEY settings (only change the settings of SYSKEY if you know what you are doing)

The next message looks like:
Quote:
RID : 0500 [01f4]
Username: Administrator
fullname:
comment : xxx
homedir :

User is member of 1 groups:
00000220 = Administratoren (which has 3 members)

Account bits: 0×0211 =
[X] Disabled | [ ] Homedir req. | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[X] Pwd don’t expir | [ ] Auto lockout | [ ] (unknown 0×08) |
[ ] (unknown 0×10) | [ ] (unknown 0×20) | [ ] (unknown 0×40) |

Failed login count: 0, while max tries is: 0
Total login count: 8

- – - – User Edit Menu:
1 – Clear (blank) user password
2 – Edit (set new) user password (careful with this on XP or Vista)
3 – Promote user (make user an administrator)
4 – Unlock and enable user account [probably locked now]
q – Quit editing user, back to user select
Select: [q]

Select
Code:
4
to Unlock and enable user account

And now you get this message:

Quote:
> Unlocked!

Hives that have changed:
# Name
0 – OK

Now the account is unlocked and you can type
Code:
reboot
to start your Windows XP and login as Administrator