BackTrack
Recovered from the older tannerjc.net wiki snapshot dated January 23, 2016.
- http://www.corelan.be/index.php/2009/07/04/backtrack-4-cheat-sheet/
- ssh fails with "Connection closed by 172.16.175.237"; generate the sshd host keys:
- ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
- ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
chntpw
- chntpw missing
- http://www.backtrack-linux.org/forums/showthread.php?t=43366&highlight=chntpw
- wget http://ftp.de.debian.org/debian/pool/main/c/chntpw/chntpw_0.99.6-2_amd64.deb
- dpkg -i chntpw_0.99.6-2_amd64.deb
root@bt:/mnt/windows/Windows/System32/config# chntpw -l SAM
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
Hive SAM name (from header): \SystemRoot\System32\Config\SAM
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c lf
Page at 0x7000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 6 pages (+ 1 headerpage)
Used for data: 247/19728 blocks/bytes, unused: 16/4656 blocks/bytes.
* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length : 0
Password history count : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator | ADMIN | dis/lock |
| 01f5 | Guest | | dis/lock |
root@bt:/mnt/windows/Windows/System32/config# chntpw SAM
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
Hive SAM name (from header): \SystemRoot\System32\Config\SAM
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c lf
Page at 0x7000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 6 pages (+ 1 headerpage)
Used for data: 247/19728 blocks/bytes, unused: 16/4656 blocks/bytes.
* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length : 0
Password history count : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator | ADMIN | dis/lock |
| 01f5 | Guest | | dis/lock |
--------------------- SYSKEY CHECK -----------------------
SYSTEM SecureBoot : -1 - Not Set (not installed, good!)
SAM Account\F : 0 - off
SECURITY PolSecretEncryptionKey: -1 - Not Set (OK if this is NT4)
Syskey not installed!
RID : 0500 [01f4]
Username: Administrator
fullname:
comment : Built-in account for administering the computer/domain
homedir :
User is member of 1 groups:
00000220 = Administrators (which has 1 members)
Account bits: 0x0010 =
[ ] Disabled | [ ] Homedir req. | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[ ] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |
[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |
Failed login count: 1, while max tries is: 0
Total login count: 33
- - - - User Edit Menu:
1 - Clear (blank) user password
2 - Edit (set new) user password (careful with this on XP or Vista)
3 - Promote user (make user an administrator)
4 - Unlock and enable user account [probably locked now]
q - Quit editing user, back to user select
Select: [q]