March 17, 2018

Crack Windows Password using CHNTPW

Sometimes, we forget our password & we want to reset it. It can be done in many ways. I once used Kali Linux to crack the password of my friend’s pc. Today, I’ll tell how I did it. It requires chntpw tool in Kali to modify SAM hashes. Without going into more details about it, let’s start with just the steps.


  1. Download Kali Linux ISO and burn on a CD/DVD or flash it to a flash drive to make it a bootable USB.

  2. From Boot menu -> Select Live (Forensic Mode) to launch the OS without actually installing it on to the hard drive.

  3. Enter the default username as root and password as toor when prompted.

  4. Almost of all the Windows OS versions, passwords are saved in SAM or the Secure Account Manager. This file is usually located in /Windows/System32/config. Navigate to the folder using terminal by typing cd /media/"hard-drive name"/Windows/System32/config

  5. After navigating to the config folder hit ls -l SAM* to list out the SAM files.

  6. Now we are using chntpw tool in Kali to make changes to SAM. Hit chntpw -l SAM. It lists out all the usernames found in the SAM on the host Windows OS.

  7. Now run chntpw -u "username" SAM. Replace the "username" with the username to reset.

  8. You’ll be then prompted with four different option. So now you can press 1 for clearing the previously set Windows password. Then suspend the Kali session and try logging in into the victim Windows OS with usually don’t prompt any password!

That’s all. Hope, you find this cool on how to reset password of any version of Windows.