NTPWEdit version 0.7 GPL

NTPWEdit version 0.7 GPL is out 

NTPWEdit is a password editor for Windows NT based systems (like Windows 2000, XP, Vista, 7, 8, 10), it can change or remove passwords for local system accounts. This program can NOT decrypt passwords or change domain and Active Directory passwords.

NTPWEdit changes passwords by direct modifying file C:\WINDOWS\SYSTEM32\CONFIG\SAM. When running, operating system blocks any access to this file, so password editor must be executed on another Windows copy.

Version 0.5 - 25.11.2014:
 • Based on chntpw 140201;
 • OpenSSL libraries replaced by LibTomCrypt;
 • Fixed out of bounds access in hive array;
 • Fixed inconsistent definition of _WIN32_WINNT in dlglib.

Version 0.6 - 07.11.2016
 • Added hibernation warning message   - See Anshad Reply #8
 • Added simple automatic search for SAM file
 • Fixed false hive open error in ntreg.c

Version 0.7 - 26.09.2017
 • Always enable "Unlock" button for accounts that can expire

Updated plugin is on Yomi server

NTPWEdit version 0.6 GPL x86/x64 standalone   ntpwed06.zip (159.71 kB - downloaded 6625 times.)

NTPWEdit version 0.7 GPL x86/x64 standalone   ntpwed07.zip (135.56 kB - downloaded 6212 times.)

http://cdslow.org.ru/en/ntpwedit/index.html
Thansk to Vadim Druzhin 

Hi! ChrisR

I have found a lot but could not get the link.
You can upload NTPWEdit 0.5 or not

Thanks!

Here is the direct Link http://cdslow.webhost.ru/files/ntpwedit/ntpwed05.zip

Hi!

http://cdslow.webhost.ru

This webpage is not available

Strange, no worries here 

Here it is
 ntpwed05.zip (158.19 kB - downloaded 8680 times.)

I also updated Gena's plugin
 NTPWEdit.7z (399.35 kB - downloaded 3006 times.)

Thank you ChrisR !

I have successfully downloaded.

 

Looks great. Thanks 

Here it is
I also updated Gena's plugin

Thanks Chris,
 on Gena Server 

Hi

I recently found that using "NTPWEdit" or any other password resetting tool to reset user account password on "Windows 8.0/8.1" doesn't seems to always work. The symptoms include ;

1. You reset a local user account from PE, reboot to Windows and then found that the account still asking for password.

2. You enabled a disabled account from PE ( ie, built in "Administrator" account), reboot to Windows and found that the disabled account is not enabled/not present on the log on screen.


 cause :

It's the new "Fast Startup" feature which is behind this weird behaviors. "Fast Startup" will actually put Windows to a semi "hibernation" state to gain speed at next powering on.

Source : http://www.techrepublic.com/blog/windows-and-office/how-windows-8-hybrid-shutdown-fast-boot-feature-works/

The goal of Fast Boot is pretty obvious from its name - Windows 8 boots up faster than previous versions of the operating system ever did. To accomplish this feat, Windows 8 doesn't totally shut down when you click the Shut down command. Instead it only partially shuts down and partially hibernates. This is the Hybrid Shutdown part of the equation. Then, when you turn on your computer, Windows 8 starts very quickly because it only has to partially boot up and partially wake up. This is the Fast Boot part of the equation.

If you shutdown Windows 8, boot in to PE and edit Registry or reset password and reboot, Windows will actually resume it's core components from the hibernation file instead of loading from disk. As a result, any changes you made from PE will be lost !. Also in some cases, editing NTFS while system is on hibernation state may result in system file corruption ( i learned this by hard way ). The good Linux guys found this first and as a precaution, they decided to not mount NTFS if hibernation (either full or semi like "fast startup" ) is detected.

Source : https://kamalkaur188.wordpress.com/category/unable-to-mount-windows-ntfs-filesystem-due-to-hibernation/
 

Making changes to your Windows (ntfs) partition while it is hibernated could be dangerous--it could cause Windows to not resume from hibernation or to crash after resuming. Because of this, the tool (ntfs-3g) that mounts (opens) the partition will not mount it in read-write mode if it sees a hibernation flag.

Source : http://www.h-online.com/open/features/Linux-and-Windows-8-Fast-Startup-puts-data-at-risk-1780640.html

In tests, the problem was easily reproduced by shutting down a freshly installed Windows 8 system from the menu and then creating a few files on the Windows partitions from within a Linux distribution. After a subsequent system start, the new files did not appear in Windows. After unmounting and remounting the test partitions, and after rebooting Windows using the Windows restart feature, the files became visible but were often unreadable or corrupted. Edited files were also often damaged. Although Windows managed to repair the test system's filesystems, it took over an hour to fix an NTFS partition of 1.5TB, and some of the files that were created or modified under Linux were lost in the process.

Solution :

If "Windows 8" log in password need to be changed or Registry need to be edited, first boot to Windows and restart normally from the log in screen ( don't shutdown - restart and immediately boot to PE ).



This will clear the "fast startup" and then you can boot to your PE and edit password/registry or remove/add files from the "system drive".  I would also recommend to delete "hiberfil.sys" from the root of system drive as a safety precaution ( don't do this with "Win7". The hibernation file may contain user mode data unlike "Win8" ). "hiberfile.sys" will be recreated again the next time you shutdown the system from within "Windows 8"  and "fast startup" will be returned.


Btw, "fast startup" won't work with virtual machines. You need a real system for tests.

 

Thanks anshad,

interesting findings,

I always thought deleting swapfile.sys and hiberfile.sys, and making further changes on registry would get things right
 (force windows to get normal boot with probably a warning ;))
   what happens when swapfile.sys file deleted, I never tested....

I put a Big warning to NTPWEdit plugin interface 

NTPWEdit version 0.6 GPL is out 

Version 0.6 - 07.11.2016
  + added hibernation warning message   - See Anshad Reply #8
  + added simple automatic search for SAM file
  - fixed false hive open error in ntreg.c

Plugin and Standalone NTPWEdit v0.6 are on first post.

Thansk to Vadim Druzhin 

Thanks Chris,

Updated on server
\Downloads\AppYGS\Security\Unlockers\'NTPWEdit'

with DU buttons   

NTPWEdit version 0.7 GPL is out 

Version 0.7 - 26.09.2017
 • Always enable "Unlock" button for accounts that can expire

Standalone NTPWEdit v0.7 is on first post.

Thansk to Vadim Druzhin 

This is re-post from new thread I cannot delete.  NTPWEdit is not updated on server.  I do not need to get it from server to put into my build but wanted to mention because it says it is.  In case it was overlooked, I know we've all been busy.

Hi bob.omb,

thanks for paying attention, but new version on server.

Downloads\AppYGS\Security\Unlockers\NTPWEdit
 --> just click download button
AppsGS\Security\Unlockers\NTPWEdit
 --> click "edit" button (At Left of plugin title NTPWEdit)

Code: [Select]

History021=ChrisR NTPWEdit v0.7 always enable "Unlock" button for accounts that can expire - Date:2017.09.27

I also check attachment, all looks good to me. 

You are correct it is there.  I was thrown off by v05 on download section, also now I know why you write "VERSION MAY BE OUTDATED" so other people won't make the same mistake I did.

Also I think where I'm wrong is. I assumed exact and secure updated everything once added to build.  If I run exact and secure it does NOT update plugins I used the "Download" button for. That updates only plugins that normaly come with builder but not Downloads.  It would explain my false logic.

Also I think where I'm wrong is. I assumed exact and secure updated everything once added to build.  If I run exact and secure it does NOT update plugins I used the "Download" button for. That updates only plugins that normaly come with builder but not Downloads.  It would explain my false logic.

Hi bob.omb

that is the reason every project have its own Exact and Secure:

Win10PESE\Utils\Update Win10PESE (Exact and Secure)
..
Gena\Utils\Update Gena (Exact and Secure)

When plugins you add does not belong to project development, they are not updated.

See:
Utils\Download Other Projects


**
When you see topic announcing plugin updated on server, like NTPWEdit
+
1) use download button on plugin if available
if not:
2) use \Downloads\...... download button
+
Other plugins out of servers are attached on topics or posts ,
 follow plugin author attachment.


ps:
If you have Further questions about Exact and Secure (I feel you will),
 post to update and secure topic
http://theoven.org/index.php?topic=159.0

We are at NTPWEdit topic.