diff --git a/.cvsignore b/.cvsignore deleted file mode 100644 index 94616b3..0000000 --- a/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -chntpw-source-080526.zip diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..20d7fc8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +chntpw-source-080526.zip +/chntpw-source-110511.zip +/chntpw-source-140201.zip diff --git a/Makefile b/Makefile deleted file mode 100644 index 28e8111..0000000 --- a/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# Makefile for source rpm: chntpw -# $Id$ -NAME := chntpw -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attept a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) diff --git a/chntpw-080526-correct-test-for-failing-open-syscall.patch b/chntpw-080526-correct-test-for-failing-open-syscall.patch new file mode 100644 index 0000000..3c68146 --- /dev/null +++ b/chntpw-080526-correct-test-for-failing-open-syscall.patch @@ -0,0 +1,75 @@ +From jim@meyering.net Mon Jul 20 20:05:55 2009 +Return-Path: jim@meyering.net +X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on amd.home.annexia.org +X-Spam-Level: +X-Spam-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00, + UNPARSEABLE_RELAY autolearn=ham version=3.2.5 +Received: from mail.corp.redhat.com [10.5.5.51] + by amd.home.annexia.org with IMAP (fetchmail-6.3.8) + for (single-drop); Mon, 20 Jul 2009 20:05:55 +0100 (BST) +Received: from zmta03.collab.prod.int.phx2.redhat.com (LHLO + zmta03.collab.prod.int.phx2.redhat.com) (10.5.5.33) by + mail06.corp.redhat.com with LMTP; Mon, 20 Jul 2009 15:05:47 -0400 (EDT) +Received: from localhost (localhost.localdomain [127.0.0.1]) + by zmta03.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 2C1134E4EB + for ; Mon, 20 Jul 2009 15:05:47 -0400 (EDT) +Received: from zmta03.collab.prod.int.phx2.redhat.com ([127.0.0.1]) + by localhost (zmta03.collab.prod.int.phx2.redhat.com [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id a7N9dvNRkYQB for ; + Mon, 20 Jul 2009 15:05:47 -0400 (EDT) +Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26]) + by zmta03.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 034384E4D6 + for ; Mon, 20 Jul 2009 15:05:46 -0400 (EDT) +Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199]) + by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n6KJ5kIt032703 + for ; Mon, 20 Jul 2009 15:05:46 -0400 +Received: from mx.meyering.net (sebastian-int.corp.redhat.com [172.16.52.221]) + by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n6KJ5jf3021050 + for ; Mon, 20 Jul 2009 15:05:45 -0400 +Received: by rho.meyering.net (Acme Bit-Twister, from userid 1000) + id D674638154; Mon, 20 Jul 2009 21:05:44 +0200 (CEST) +From: Jim Meyering +To: "Richard W. M. Jones" +Subject: chntpw [PATCH] correct test for failing "open" syscall +Date: Mon, 20 Jul 2009 21:05:44 +0200 +Message-ID: <878wij899z.fsf@meyering.net> +MIME-Version: 1.0 +Content-Type: text/plain; charset=us-ascii +X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26 +Status: RO +Content-Length: 1103 +Lines: 33 + +This one is weird. +It must be code that is never exercised, +since the existing code is totally bogus. +The condition, !open(...), will almost always be true. +(sole exception is when starting a program with stdin +initially closed) + +>From bc4cddb06cf13c189fbdc93e6962cad072779097 Mon Sep 17 00:00:00 2001 +From: Jim Meyering +Date: Mon, 20 Jul 2009 14:59:19 -0400 +Subject: [PATCH] correct test for failing "open" syscall + +* ntreg.c (writeHive): Test open() < 0, not !open(). +--- + ntreg.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/ntreg.c b/ntreg.c +index be6b680..21cd3e3 100644 +--- a/ntreg.c ++++ b/ntreg.c +@@ -2765,7 +2765,7 @@ int writeHive(struct hive *hdesc) + if ( !(hdesc->state & HMODE_DIRTY)) return(0); + + if ( !(hdesc->state & HMODE_OPEN)) { /* File has been closed */ +- if (!(hdesc->filedesc = open(hdesc->filename,O_RDWR))) { ++ if ((hdesc->filedesc = open(hdesc->filename,O_RDWR)) < 0) { + fprintf(stderr,"writeHive: open(%s) failed: %s, FILE NOT WRITTEN!\n",hdesc->filename,strerror(errno)); + return(1); + } +-- +1.6.2.5 + diff --git a/chntpw-110511-detect-failure-to-write-key.patch b/chntpw-110511-detect-failure-to-write-key.patch new file mode 100644 index 0000000..818639d --- /dev/null +++ b/chntpw-110511-detect-failure-to-write-key.patch @@ -0,0 +1,19 @@ +diff -ur chntpw-110511.orig/ntreg.c chntpw-110511/ntreg.c +--- chntpw-110511.orig/ntreg.c 2011-05-11 12:33:56.000000000 -0700 ++++ chntpw-110511/ntreg.c 2011-11-01 13:45:02.550421729 -0700 +@@ -3389,7 +3389,14 @@ + + fprintf(file,"\r\n"); /* Must end file with an empty line, windows does that */ + +- fclose(file); ++ if (ferror (file)) { ++ printf("failed to write file '%s'\n", filename); ++ fclose (file); ++ return; ++ } ++ if (fclose(file)) ++ printf("failed to write file '%s': %s\n", filename, ++ strerror(errno)); + } + + /* ================================================================ */ diff --git a/chntpw-110511-reged-no-deref-null.patch b/chntpw-110511-reged-no-deref-null.patch new file mode 100644 index 0000000..0193cd4 --- /dev/null +++ b/chntpw-110511-reged-no-deref-null.patch @@ -0,0 +1,15 @@ +diff -ur chntpw-110511.orig/reged.c chntpw-110511/reged.c +--- chntpw-110511.orig/reged.c 2011-05-11 12:33:56.000000000 -0700 ++++ chntpw-110511/reged.c 2011-11-01 13:46:55.569625286 -0700 +@@ -167,6 +167,11 @@ + + if (edit) { /* Call editor. Rest of arguments are considered hives to load */ + hivename = argv[optind+no_hives]; ++ if (!hivename) { ++ fprintf(stderr,"with -e you must specify at least one hive file name\n"); ++ usage(); ++ exit(1); ++ } + do { + if (!(hive[no_hives] = openHive(hivename, + HMODE_RW|mode))) { diff --git a/chntpw-110511-robustness.patch b/chntpw-110511-robustness.patch new file mode 100644 index 0000000..ea2363f --- /dev/null +++ b/chntpw-110511-robustness.patch @@ -0,0 +1,39 @@ +--- chntpw-110511.orig/ntreg.c 2011-05-11 12:33:56.000000000 -0700 ++++ chntpw-110511/ntreg.c 2011-12-18 17:09:06.290818997 -0800 +@@ -190,14 +190,18 @@ + + int fmyinput(char *prmpt, char *ibuf, int maxlen) + { +- ++ int len; + printf("%s",prmpt); + + fgets(ibuf,maxlen+1,stdin); ++ len = strlen(ibuf); + +- ibuf[strlen(ibuf)-1] = 0; ++ if (len) { ++ ibuf[len-1] = 0; ++ --len; ++ } + +- return(strlen(ibuf)); ++ return len; + } + + /* Print len number of hexbytes */ +@@ -4119,6 +4123,14 @@ + closeHive(hdesc); + return(NULL); + } ++ ++ if (r < sizeof (*hdesc)) { ++ fprintf(stderr, ++ "file is too small; got %d bytes while expecting %d or more\n", ++ r, sizeof (*hdesc)); ++ closeHive(hdesc); ++ return(NULL); ++ } + + /* Now run through file, tallying all pages */ + /* NOTE/KLUDGE: Assume first page starts at offset 0x1000 */ diff --git a/chntpw-140201-fix-bogus-errno-use.patch b/chntpw-140201-fix-bogus-errno-use.patch new file mode 100644 index 0000000..ff7c846 --- /dev/null +++ b/chntpw-140201-fix-bogus-errno-use.patch @@ -0,0 +1,34 @@ +diff -u chntpw-140201.orig/ntreg.c chntpw-140201/ntreg.c +--- chntpw-140201.orig/ntreg.c 2019-06-22 13:09:59.583717369 -0700 ++++ chntpw-140201/ntreg.c 2019-06-22 13:16:26.714726148 -0700 +@@ -4241,10 +4241,13 @@ + do { /* On some platforms read may not block, and read in chunks. handle that */ + r = read(hdesc->filedesc, hdesc->buffer + rt, hdesc->size - rt); + rt += r; +- } while ( !errno && (rt < hdesc->size) ); ++ } while ( r > 0 && (rt < hdesc->size) ); + +- if (errno) { +- perror("openHive(): read error: "); ++ if (r <= 0) { ++ if (r < 0) ++ perror("openHive(): read error"); ++ else ++ fprintf(stderr, "openHive(): read error: unexpected EOF\n"); + closeHive(hdesc); + return(NULL); + } +@@ -4255,10 +4258,10 @@ + return(NULL); + } + +- if (r < sizeof (*hdesc)) { ++ if (rt < sizeof (*hdesc)) { + fprintf(stderr, +- "file is too small; got %d bytes while expecting %d or more\n", +- r, sizeof (*hdesc)); ++ "file is too small; got %d bytes while expecting %zu or more\n", ++ rt, sizeof (*hdesc)); + closeHive(hdesc); + return(NULL); + } diff --git a/chntpw-140201-get_abs_path.patch b/chntpw-140201-get_abs_path.patch new file mode 100644 index 0000000..c9f1a3d --- /dev/null +++ b/chntpw-140201-get_abs_path.patch @@ -0,0 +1,10 @@ +--- chntpw-140201/ntreg.c.orig 2014-02-01 08:54:37.000000000 -0800 ++++ chntpw-140201/ntreg.c 2018-07-02 16:10:39.625152640 -0700 +@@ -1511,6 +1511,7 @@ + } + + strncpy(tmp,path,ABSPATHLEN-1); ++ tmp[ABSPATHLEN-1] = '\0'; + + if (key->type & 0x20) + keyname = mem_str(key->keyname, key->len_name); diff --git a/chntpw-140201-hexdump-pointer-type.patch b/chntpw-140201-hexdump-pointer-type.patch new file mode 100644 index 0000000..a8924bc --- /dev/null +++ b/chntpw-140201-hexdump-pointer-type.patch @@ -0,0 +1,21 @@ +diff -urN chntpw-140201.orig/libsam.c chntpw-140201/libsam.c +--- chntpw-140201.orig/libsam.c 2014-02-01 08:54:37.000000000 -0800 ++++ chntpw-140201/libsam.c 2024-08-03 15:31:41.817601486 -0700 +@@ -511,7 +511,7 @@ + + if (gverbose) printf("put_grp_members_sid: ajusted: mofs = %x, mlen = %x (%d)\n", mofs + 0x34 ,mlen,mlen); + +- if (gverbose) hexdump(&c->data, 0, c->len, 1); ++ if (gverbose) hexdump((char*)&c->data, 0, c->len, 1); + + /* Get total size of new SID data */ + +@@ -539,7 +539,7 @@ + cd->members_len = sidlen; /* Update member count in C struct */ + cd->grp_members = i; + +- if (gverbose) hexdump(&c->data, 0, c->len, 1); ++ if (gverbose) hexdump((char*)&c->data, 0, c->len, 1); + + if (!put_buf2val(hdesc, c, 0, g, 0, TPF_VK_EXACT)) { + fprintf(stderr,"put_grp_members_sid: could not write back group info in value %s\n",g); diff --git a/chntpw-140201-port-to-gcrypt-debian.patch b/chntpw-140201-port-to-gcrypt-debian.patch new file mode 100644 index 0000000..45adefb --- /dev/null +++ b/chntpw-140201-port-to-gcrypt-debian.patch @@ -0,0 +1,195 @@ +01_port_to_gcrypt.patch +Paul Wise +Placed in the public domain +Port to libgcrypt to avoid GPL/OpenSSL incompatibility +Forwarded to Petter Nordahl-Hagen +Updated by Philippe Coval for debian + +--- a/chntpw.c ++++ b/chntpw.c +@@ -16,6 +16,7 @@ + * 2010-jun: Syskey not visible in menu, but is selectable (2) + * 2010-apr: Interactive menu adapts to show most relevant + * selections based on what is loaded ++ * 2008-may: port to libgcrypt to avoid GPL/OpenSSL incompatibility [Debian] + * 2008-mar: Minor other tweaks + * 2008-mar: Interactive reg ed moved out of this file, into edlib.c + * 2008-mar: 64 bit compatible patch by Mike Doty, via Alon Bar-Lev +@@ -79,8 +80,14 @@ + */ + + #ifdef DOCRYPTO ++#if defined(USEOPENSSL) + #include + #include ++#elif defined(USELIBGCRYPT) ++ #include ++#else ++ #error No DES encryption and MD4 hashing library found ++#endif + #endif + + #define uchar u_char +@@ -155,7 +162,9 @@ + for (i=0;i<8;i++) { + key[i] = (key[i]<<1); + } ++#if defined(USEOPENSSL) + DES_set_odd_parity((des_cblock *)key); ++#endif + } + + /* +@@ -200,6 +209,7 @@ + + void E1(uchar *k, uchar *d, uchar *out) + { ++#if defined(USEOPENSSL) + des_key_schedule ks; + des_cblock deskey; + +@@ -210,6 +220,15 @@ + des_set_key((des_cblock *)deskey,ks); + #endif /* __FreeBsd__ */ + des_ecb_encrypt((des_cblock *)d,(des_cblock *)out, ks, DES_ENCRYPT); ++#elif defined(USELIBGCRYPT) ++ gcry_cipher_hd_t ks; ++ uchar deskey[8]; ++ str_to_key(k,deskey); ++ gcry_cipher_open(&ks, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); ++ gcry_cipher_setkey(ks, deskey, 8); ++ gcry_cipher_encrypt(ks, out, 8, d, 8); ++ gcry_cipher_close(ks); ++#endif + } + + #endif /* DOCRYPTO */ +@@ -343,9 +362,16 @@ + int i; + char md4[32],lanman[32]; + char newunipw[34], despw[20], newlanpw[16], newlandes[20]; ++#ifdef USEOPENSSL + des_key_schedule ks1, ks2; + des_cblock deskey1, deskey2; + MD4_CTX context; ++#elif defined(USELIBGCRYPT) ++ gcry_cipher_hd_t ks1, ks2; ++ uchar deskey1[8], deskey2[8]; ++ unsigned char *p; ++ gcry_md_hd_t context; ++#endif + unsigned char digest[16]; + uchar x1[] = {0x4B,0x47,0x53,0x21,0x40,0x23,0x24,0x25}; + #endif +@@ -460,6 +486,7 @@ + } + + #ifdef DOCRYPTO ++#if defined(USEOPENSSL) + /* Get the two decrpt keys. */ + sid_to_key1(rid,(unsigned char *)deskey1); + des_set_key((des_cblock *)deskey1,ks1); +@@ -477,6 +504,25 @@ + (des_cblock *)lanman, ks1, DES_DECRYPT); + des_ecb_encrypt((des_cblock *)(vp+lmpw_offs + 8), + (des_cblock *)&lanman[8], ks2, DES_DECRYPT); ++#elif defined(USELIBGCRYPT) ++ /* Start the keys */ ++ gcry_cipher_open(&ks1, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); ++ gcry_cipher_open(&ks2, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); ++ ++ /* Get the two decrpt keys. */ ++ sid_to_key1(rid,deskey1); ++ gcry_cipher_setkey(ks1, deskey1, 8); ++ sid_to_key2(rid,deskey2); ++ gcry_cipher_setkey(ks2, deskey2, 8); ++ ++ /* Decrypt the NT md4 password hash as two 8 byte blocks. */ ++ gcry_cipher_decrypt(ks1, md4, 8, vp+ntpw_offs, 8); ++ gcry_cipher_decrypt(ks2, &md4[8], 8, vp+ntpw_offs+8, 8); ++ ++ /* Decrypt the lanman password hash as two 8 byte blocks. */ ++ gcry_cipher_decrypt(ks1, lanman, 8, vp+lmpw_offs, 8); ++ gcry_cipher_decrypt(ks2, &lanman[8], 8, vp+lmpw_offs+8, 8); ++#endif + + if (gverbose) { + hexprnt("MD4 hash : ",(unsigned char *)md4,16); +@@ -544,9 +590,17 @@ + + /* printf("Ucase Lanman: %s\n",newlanpw); */ + ++#if defined(USEOPENSSL) + MD4Init (&context); + MD4Update (&context, newunipw, pl<<1); + MD4Final (digest, &context); ++#elif defined(USELIBGCRYPT) ++ gcry_md_open(&context, GCRY_MD_MD4, 0); ++ gcry_md_write(context, newunipw, pl<<1); ++ p = gcry_md_read(context, GCRY_MD_MD4); ++ if(p) memcpy(digest, p, gcry_md_get_algo_dlen(GCRY_MD_MD4)); ++ gcry_md_close(context); ++#endif + + if (gverbose) hexprnt("\nNEW MD4 hash : ",digest,16); + +@@ -555,6 +609,7 @@ + + if (gverbose) hexprnt("NEW LANMAN hash : ",(unsigned char *)lanman,16); + ++#if defined(USEOPENSSL) + /* Encrypt the NT md4 password hash as two 8 byte blocks. */ + des_ecb_encrypt((des_cblock *)digest, + (des_cblock *)despw, ks1, DES_ENCRYPT); +@@ -565,6 +620,18 @@ + (des_cblock *)newlandes, ks1, DES_ENCRYPT); + des_ecb_encrypt((des_cblock *)(lanman+8), + (des_cblock *)&newlandes[8], ks2, DES_ENCRYPT); ++#elif defined(USELIBGCRYPT) ++ /* Encrypt the NT md4 password hash as two 8 byte blocks. */ ++ gcry_cipher_encrypt(ks1, despw, 8, digest, 8); ++ gcry_cipher_encrypt(ks2, &despw[8], 8, digest+8, 8); ++ ++ gcry_cipher_encrypt(ks1, newlandes, 8, lanman, 8); ++ gcry_cipher_encrypt(ks2, &newlandes[8], 8, lanman+8, 8); ++ ++ /* Close keys, not needed after this */ ++ gcry_cipher_close(ks1); ++ gcry_cipher_close(ks2); ++#endif + + if (gverbose) { + hexprnt("NEW DES crypt : ",(unsigned char *)despw,16); +--- a/Makefile ++++ b/Makefile +@@ -2,28 +2,10 @@ + # Makefile for the Offline NT Password Editor + # +-# +-# Change here to point to the needed OpenSSL libraries & .h files +-# See INSTALL for more info. +-# +- +-#SSLPATH=/usr/local/ssl +-OSSLPATH=/usr +-OSSLINC=$(OSSLPATH)/include + + CC=gcc ++CFLAGS=-DUSELIBGCRYPT -g -I. $(shell libgcrypt-config --cflags) -Wall $(EXTRA_CFLAGS) + +-# Force 32 bit +-CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 +-OSSLLIB=$(OSSLPATH)/lib +- +-# 64 bit if default for compiler setup +-#CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall +-#OSSLLIB=$(OSSLPATH)/lib64 +- +- +-# This is to link with whatever we have, SSL crypto lib we put in static +-#LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a +-LIBS=-L$(OSSLLIB) ++LIBS=$(shell libgcrypt-config --libs) + + + all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static diff --git a/chntpw-chntpw.8 b/chntpw-chntpw.8 deleted file mode 100644 index 8b0ec85..0000000 --- a/chntpw-chntpw.8 +++ /dev/null @@ -1,96 +0,0 @@ -.\" Hey, EMACS: -*- nroff -*- -.\" First parameter, NAME, should be all caps -.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection -.\" other parameters are allowed: see man(7), man(1) -.TH CHNTPW 8 "30th May 2002" -.\" Please adjust this date whenever revising the manpage. -.\" -.\" Some roff macros, for reference: -.\" .nh disable hyphenation -.\" .hy enable hyphenation -.\" .ad l left justify -.\" .ad b justify to both left and right margins -.\" .nf disable filling -.\" .fi enable filling -.\" .br insert line break -.\" .sp insert n+1 empty lines -.\" for manpage-specific macros, see man(7) -.SH NAME -chntpw \- utility to overwrite Windows NT/2000 SAM passwords -.SH SYNOPSIS -.B chntpw -.RI [ options ] -.RI < samfile > -.RI [ systemfile ] -.RI [ securityfile ] -.RI [ otherreghive ] -.RI [...] -.br -.SH DESCRIPTION -This manual page documents briefly the -.B chntpw -command. -This manual page was written for the Debian distribution -because the original program does not have a manual page. -.PP -.B chntpw -is a utility to view some information and change user passwords -in a Windows NT/2000 SAM userdatabase file. It is not necessary to -know the old passwords to reset them. In addition it contains a -simple registry editor (same size data writes) -and hex-editor with which the information contained in a registry -file can be browsed and modified. -.SH OPTIONS -.TP -.B \-h -Show summary of options. -.TP -.B \-u username -Username to change. Default is Administrator -.TP -.B \-l -List all users in the SAM database. -.TP -.B \-i -Interactive: list all users (as per \-l) and then ask for the -user to change. -.TP -.B \-e -Registry editor with limited capabilities. -.TP -.B \-d -Use buffer debugger. -.TP -.B \-t -Show hexdumps of structs/segments (deprecated debug function). -.SH EXAMPLES -.TP -.B chntpw sam system -Opens registry hives -.B sam -and -.B system -and change administrator account. This will work even if the name -has been changed or it has been localized (since different language -versions of NT use different administrator names). -.TP -.B chntpw -u jabbathehutt mysam -Prompts for password for -.B jabbathehutt -and changes it in the -.B mysam -registry file, if found (otherwise do nothing) -.SH SEE ALSO -If you are looking for an automated procedure for password -recovery, you might look at the bootdisks provided by the -upstream author at -.BR http://home.eunet.no/~pnordahl/ntpasswd/ -.br -There is more information on how this program works available at -.IR /usr/share/doc/chntpw . -This information includes in-depth information on how the -registry works, what are syskeys and some other issues. -.SH AUTHOR -This manual page was written by -Javier Fernandez-Sanguino , -for the Debian GNU/Linux system (but may be used by others). diff --git a/chntpw.8 b/chntpw.8 new file mode 100644 index 0000000..f92440b --- /dev/null +++ b/chntpw.8 @@ -0,0 +1,157 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH CHNTPW 8 "13th March 2010" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +chntpw \- utility to overwrite passwords of Windows systems +.SH SYNOPSIS +.B chntpw +.RI [ options ] +.RI < samfile > +.RI [ systemfile ] +.RI [ securityfile ] +.RI [ otherreghive ] +.RI [...] +.br +.SH DESCRIPTION +This manual page documents briefly the +.B chntpw +command. +This manual page was written for the Debian distribution +because the original program does not have a manual page. +.PP +.B chntpw +is a utility to view some information and reset user passwords +in a Windows NT/2000 SAM userdatabase file used by Microsoft Windows +Operating System (in NT3.x and later versions). This file is usually located at +\\WINDOWS\\system32\\config\\SAM on the Windows file system. It is not necessary to +know the previous passwords to reset them. In addition it contains a simple +registry editor and ahex-editor with which the information contained in a +registry file can be browsed and modified. + +This program should be able to handle both 32 and 64 bit Microsoft Windows and +all versions from NT3.x up to Win8.1. + + +.SH OPTIONS +.TP +.B \-h +Show a summary of options. +.TP +.B \-u username +Username or username ID (RID) to change. The default is 'Administrator'. +.TP +.B \-l +List all users in the SAM database and exit. +.TP +.B \-i +Interactive Menu system: list all users (as per \-l option) and then ask for the +user to change. +.TP +.B \-e +Registry editor with limited capabilities (but it does include write support). For a +slightly more powerful editor see +.B reged + +.TP +.B \-d +Use buffer debugger instead (hex editor) + +.B \-L +Log all changed filenames to /tmp/changed. When this option is set the +program automatically saves the changes in the hive files without prompting the +user. + +Be careful when using the \fB-L\fR option as a root user in a multiuser system. +The filename is fixed and this can be used by malicious users (dropping a +symlink with the same name) to overwrite system files. + +.TP +.B \-N +Do not allocate more information, only allow the editing of existing values +with same size. +.TP +.B \-E +Do not expand the hive file (safe mode). +.TP +.B \-v +Print verbose information and debug messages. + + + + + +.SH EXAMPLES +.TP +.B ntfs-3g /dev/sda1 /media/win ; cd /media/win/WINDOWS/system32/config/ +Mount the Windows file system and enters the directory +.B \\\\WINDOWS\\\\system32\\\\config +where Windows stores the SAM database. +.TP +.B chntpw SAM system +Opens registry hives +.B SAM +and +.B system +and change administrator account. This will work even if the name +has been changed or it has been localized (since different language +versions of NT use different administrator names). +.TP +.B chntpw -l SAM +Lists the users defined in the +.B SAM +registry file. +.TP +.B chntpw -u jabbathehutt SAM +Prompts for password for +.B jabbathehutt +and changes it in the +.B SAM +registry file, if found (otherwise do nothing). + +.SH KNOWN BUGS + +This program uses undocumented structures in the SAM database. Use with +caution (i.e. make sure you make a backup of the file before any changes +are done). + +Password changing is only possible if the program has been specifically +compiled with some cryptographic functions. This feature, however, only +works properly in Windows NT and Windows 2000 systems. It might not +work properly in Windows XP, Vista, Win7, Win8 and later systems. + +In the Debian distribution this feature is not enabled. + +.SH SEE ALSO +.B reged, samusrgrp, sampasswd + +If you are looking for an automated procedure for password +recovery, you might want to check the bootdisks (can be used in CD +and USB drives) provided by the upstream author at +.BR http://pogostick.net/~pnh/ntpasswd/ + +.br +You will find more information available on how this program works, including +in-depth details on how the registry works, in the text files +.IR /usr/share/doc/chntpw/README.txt +and +.IR /usr/share/doc/chntpw/MANUAL.txt + +.SH AUTHOR +This program was written by Petter N Hagen. + +This manual page was written by Javier Fernandez-Sanguino , +for the Debian GNU/Linux system (but may be used by others). diff --git a/chntpw.spec b/chntpw.spec index a32d29a..120ca06 100644 --- a/chntpw.spec +++ b/chntpw.spec @@ -1,75 +1,245 @@ Name: chntpw # Version is taken from HISTORY.txt -Version: 0.99.6 -Release: 7%{?dist} +Version: 1.00 +Release: 20.140201%{?dist} Summary: Change passwords in Windows SAM files -Group: Applications/Engineering -License: GPLv2 -URL: http://home.eunet.no/~pnordahl/ntpasswd/ -Source0: http://home.eunet.no/~pnordahl/ntpasswd/chntpw-source-080526.zip +# Automatically converted from old format: GPLv2 - review is highly recommended. +License: GPL-2.0-only +URL: http://pogostick.net/~pnh/ntpasswd/ +Source0: http://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip Source2: chntpw-README.Dist -# The man page is borrowed from Debian -Source3: chntpw-chntpw.8 -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +# The man pages are borrowed from Debian +Source10: chntpw.8 +Source11: reged.8 +Source12: sampasswd.8 +Source13: samusrgrp.8 -BuildRequires: openssl-devel +BuildRequires: gcc +BuildRequires: libgcrypt-devel +BuildRequires: make + +# Patches sent upstream on 2009-06-08. +Patch1: chntpw-140201-get_abs_path.patch + +# Patch from Debian (RHBZ#504595). +Patch3: chntpw-140201-port-to-gcrypt-debian.patch + +# Patches from Jim Meyering to improve robustness of the code. +Patch4: chntpw-110511-robustness.patch +Patch5: chntpw-080526-correct-test-for-failing-open-syscall.patch +Patch6: chntpw-110511-detect-failure-to-write-key.patch +Patch7: chntpw-110511-reged-no-deref-null.patch + +# Patch derived from Oleg Samarin (RHBZ#1645886) +Patch8: chntpw-140201-fix-bogus-errno-use.patch + +# Cast around new GCC error for mismatched pointer arguments +Patch9: chntpw-140201-hexdump-pointer-type.patch %description This is a utility to (re)set the password of any user that has a valid (local) account on your Windows NT/2k/XP/Vista etc system. You do not need to know the old password to set a new one. It works offline, that -is, you have to shutdown your computer and boot off a floppydisk or CD +is, you have to shutdown your computer and boot off a floppy disk or CD or another system. Will detect and offer to unlock locked or disabled out user accounts! There is also a registry editor and other registry -utilities that works under linux/unix, and can be used for other things +utilities that works under Linux/Unix, and can be used for other things than password editing. %prep -%setup -q -n %{name}-080526 +%setup -q -n %{name}-140201 cp -p %{SOURCE2} README.Dist sed -e 's/\r$//' WinReg.txt > WinReg.txt.eol touch -c -r WinReg.txt WinReg.txt.eol mv WinReg.txt.eol WinReg.txt +%patch -P1 -p1 +%patch -P3 -p1 +%patch -P4 -p1 +%patch -P5 -p1 +%patch -P6 -p1 +%patch -P7 -p1 +%patch -P8 -p1 +%patch -P9 -p1 + %build -make CC="%__cc" CFLAGS="$RPM_OPT_FLAGS" LIBS="-lcrypto" chntpw cpnt reged +make CC="%__cc" EXTRA_CFLAGS="$RPM_OPT_FLAGS" \ + chntpw cpnt reged sampasswd samusrgrp %install rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT%{_bindir} -cp chntpw $RPM_BUILD_ROOT%{_bindir} -cp cpnt $RPM_BUILD_ROOT%{_bindir} -cp reged $RPM_BUILD_ROOT%{_bindir} +cp chntpw cpnt reged sampasswd samusrgrp $RPM_BUILD_ROOT%{_bindir} mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8/ -cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 +cp -p %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \ + $RPM_BUILD_ROOT%{_mandir}/man8/ -%clean -rm -rf $RPM_BUILD_ROOT - %files -%defattr(-,root,root,-) %doc GPL.txt LGPL.txt README.txt regedit.txt WinReg.txt HISTORY.txt %doc README.Dist %{_bindir}/chntpw %{_bindir}/cpnt %{_bindir}/reged -%{_mandir}/man8/%{name}.8* +%{_bindir}/sampasswd +%{_bindir}/samusrgrp +%{_mandir}/man8/*.8* %changelog +* Wed Jul 23 2025 Fedora Release Engineering - 1.00-20.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Thu Jan 16 2025 Fedora Release Engineering - 1.00-19.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Sat Aug 03 2024 Conrad Meyer - 1.00-18.140201 +- Add fix for rhbz# 2300591. + +* Mon Jul 29 2024 Miroslav Suchý - 1.00-17.140201 +- convert license to SPDX + +* Wed Jul 17 2024 Fedora Release Engineering - 1.00-16.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Tue Jan 23 2024 Fedora Release Engineering - 1.00-15.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 1.00-14.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Jul 19 2023 Fedora Release Engineering - 1.00-13.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Wed Jan 18 2023 Fedora Release Engineering - 1.00-12.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jul 20 2022 Fedora Release Engineering - 1.00-11.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Wed Jan 19 2022 Fedora Release Engineering - 1.00-10.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Wed Jul 21 2021 Fedora Release Engineering - 1.00-9.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Jan 26 2021 Fedora Release Engineering - 1.00-8.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 1.00-7.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jan 28 2020 Fedora Release Engineering - 1.00-6.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Jul 24 2019 Fedora Release Engineering - 1.00-5.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sat Jun 22 2019 Conrad Meyer - 1.00-4.140201 +- Add fix for rhbz# 1645886. Thanks Oleg Samarin. + +* Thu Jan 31 2019 Fedora Release Engineering - 1.00-3.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Thu Jul 19 2018 Conrad Meyer - 1.00-2.140201 +- Add missing GCC BR after removal from buildroot +- Unfuck version number bumped incorrectly by RE + +* Thu Jul 12 2018 Fedora Release Engineering - 1.00-1.140201 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Mon Jul 02 2018 Conrad Meyer - 1.00-0.140201 +- Update to latest upstream, 1.00 / 140201 +- Rebase patches as needed +- Import additional and enhanced manual pages from Debian +- Adds two new binaries: sampasswd and samusrgrp +- Clean up rpmlint warnings (tabs, spelling, log date) + +* Wed Feb 07 2018 Fedora Release Engineering - 0.99.6-30.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Aug 02 2017 Fedora Release Engineering - 0.99.6-29.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 0.99.6-28.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 0.99.6-27.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Feb 03 2016 Fedora Release Engineering - 0.99.6-26.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 0.99.6-25.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Aug 16 2014 Fedora Release Engineering - 0.99.6-24.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 0.99.6-23.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Apr 23 2014 Tomáš Mráz - 0.99.6-22.110511 +- Rebuild for new libgcrypt + +* Sat Aug 03 2013 Fedora Release Engineering - 0.99.6-21.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Feb 13 2013 Fedora Release Engineering - 0.99.6-20.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Jul 18 2012 Fedora Release Engineering - 0.99.6-19.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jan 12 2012 Fedora Release Engineering - 0.99.6-18.110511 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Sun Dec 18 2011 Conrad Meyer - 0.99.6-17.110511 +- Fix 'robustness' patch (#755622) + +* Tue Nov 1 2011 Conrad Meyer - 0.99.6-16.110511 +- Update to latest upstream (110511) (#750005). +- Update fedora patches to apply cleanly, dropping useless hunks + as needed. +- Add upstream version to "Release" tag, so that people can + actually tell which version of upstream we're shipping from the + rpm version. + +* Tue Feb 08 2011 Fedora Release Engineering - 0.99.6-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jun 7 2010 Conrad Meyer - 0.99.6-14 +- Upstream changed hosts; fixed URL and Source0. + +* Fri Jul 24 2009 Fedora Release Engineering - 0.99.6-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jul 22 2009 Richard W.M. Jones - 0.99.6-12 +- Two^W Three more patches from Jim Meyering to improve general code quality. + +* Mon Jul 20 2009 Richard W.M. Jones - 0.99.6-10 +- Three patches from Jim Meyering aiming to improve the general + robustness of the code. + +* Mon Jun 8 2009 Richard W.M. Jones - 0.99.6-9 +- Compile against libgcrypt instead of OpenSSL (RHBZ#504595). +- Compile as a 64 bit native binary on 64 bit platforms. + +* Mon Jun 8 2009 Richard W.M. Jones - 0.99.6-8 +- Fix three crashing bugs in 'reged -x' command. + * Mon Feb 23 2009 Fedora Release Engineering - 0.99.6-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Thu Jan 15 2009 Tomas Mraz - 0.99.6-6 - rebuild with new openssl -* Sun Oct 11 2008 Conrad Meyer - 0.99.6-5 +* Sun Oct 12 2008 Conrad Meyer - 0.99.6-5 - Bump because force-tag was removed. Please add it back. * Sat Oct 11 2008 Conrad Meyer - 0.99.6-4 diff --git a/import.log b/import.log deleted file mode 100644 index aff7d5f..0000000 --- a/import.log +++ /dev/null @@ -1 +0,0 @@ -chntpw-0_99_6-4_fc9:HEAD:chntpw-0.99.6-4.fc9.src.rpm:1223863802 diff --git a/reged.8 b/reged.8 new file mode 100644 index 0000000..36ecff4 --- /dev/null +++ b/reged.8 @@ -0,0 +1,120 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH REGED 8 "6th August 2014" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +reged \- utility to export/import and edit a Windows registry hives +.SH SYNOPSIS +.B reged +.RI [ options ] +.RI -x + +.B reged +.RI [ options ] +.RI -I + +.B reged +.RI [ options ] +.RI -e + + +.br +.SH DESCRIPTION +This manual page documents briefly the +.B reged +command. +This manual page was written for the Debian distribution +because the original program does not have a manual page. + +.PP +.B reged +is the an interactive command line utility that can be used to +export, import or edit a Microsoft Windows registry hive. + +.SH OPTIONS +.TP +.B \-h +Show summary of options. +.TP +.B \-x +Export parts of a hive file to a text registry (.reg) file. +Prefixstring indicates the part of the registry hive to dump (for example +HKEY_LOCAL_MACHINE\\SOFTWARE). The parameter defines the key to dump +(recursively). You can use \\ or \\\\ to list all the keys in the hive file. + +Only one hive file and one .reg file can be defined. + +.TP +.B \-I +Import the content of the input.reg file into the registry file. The value + can be any valid prefix, for example is +HKEY_LOCAL_MACHINE\\SOFTWARE. + +Only one .reg and one hive file supported at the same time + +.TP +.B \-e ... +Interactive edit one or more registry files. + +.TP +.B \-L +Log all changed filenames to /tmp/changed. When this option is set the +program automatically saves the changes in the hive files without prompting the +user. + +Be careful when using the \fB-L\fR option as a root user in a multiuser system. +The filename is fixed and this can be used by malicious users (dropping a +symlink with the same name) to overwrite system files. + + +.TP +.B \-C +Automatically save all changes. Do not prompt the user. + +.TP +.B \-N +Do not allocate more information, only allow the editing of existing values with same size. + +.TP +.B \-E +Do not expand the hive file (safe mode). + +.TP +.B \-t +Print debug information of allocated blocks. + +.TP +.B \-v +Print verbose information and debug messages. + +.SH KNOWN BUGS + +There are many \fBunknown\fR bugs. If you find bugs please report them to the author. + +.SH SEE ALSO +.B chntpwd, samusrgrp, sampasswd +.br +You will find more information available on how this program works, in the +text files +.IR /usr/share/doc/chntpw/README.txt +and +.IR /usr/share/doc/chntpw/MANUAL.txt + +.SH AUTHOR +This program was written by Petter N Hagen. + +This manual page was written by Javier Fernandez-Sanguino , +for the Debian GNU/Linux system (but may be used by others). diff --git a/sampasswd.8 b/sampasswd.8 new file mode 100644 index 0000000..78257c2 --- /dev/null +++ b/sampasswd.8 @@ -0,0 +1,120 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH SAMPASSWD 8 "6th August 2014" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +sampasswd \- reset passwords of users in the SAM user database +.SH SYNOPSIS +.B sampasswd +.RI [ options ] +.RI -u user +.RI < samfile > +.br +.SH DESCRIPTION +This manual page documents briefly the +.B sampasswd +command. +This manual page was written for the Debian distribution +because the original program does not have a manual page. + +.PP +.B sampasswd +is a non-interactive command line utility that can reset a user's +password and/or the user's account bits from the SAM user database file of a +Microsoft Windows system (Windows NT, 2000, XP, Vista, 7, 8.1, etc.). +This file is usually located at +\\WINDOWS\\system32\\config\\SAM on the file system of a Microsoft Windows +Operating System + +On success, the program does not output any informatin and the exit code is 0. + +.SH OPTIONS +.TP +.B \-h +Show summary of options. +.TP +.B \-r +Reset the user's password. +.TP +.B \-a +Reset all the users. If this option is used there is no need to specify the next option. +.TP +.B \-u +User to change. The user value can be provided as a username, or a RID number in +hexadecimal (if the username is preceded with '0x'). Usernames including +international characters will probably not work. +.TP +.B \-l +Lists the users in the SAM database. +.TP +.B \-H +Output human readable output. The program by default will print a parsable table unless +this option is used. +.TP +.B \-N +Do not allocate more information, only allow the editing of existing values with same size. +.TP +.B \-E +Do not expand the hive file (safe mode). +.TP +.B \-t +Print debug information of allocated blocks. +.TP +.B \-v +Print verbose information and debug messages. + +.SH EXAMPLES +.TP +.B sampasswd -r -u theboss +Reset the password of a user named 'theboss', if found. + +.TP +.B sampasswd -r -u 0x3ea +Reset the password of the user with RID '0x3a'. + +.TP +.B samusrgrp -r -a +Reset the password of all the users in the Administrator's group (0x220) + +.TP +.B samusrgrp -r -f +Reset the password of the administrative users with the lowest RID number. +This does not include the built-in administrator (0x1f4) unless no other +administrative user can be found in the database file. + + +.SH KNOWN BUGS + +If the username includes international (non-ASCII) characters the program +will not (usually) find it. Use the RID number instead. + +.SH SEE ALSO +.B chntpwd, reged, samusrgrp +.br +You will find more information available on how this program works, in the +text files +.IR /usr/share/doc/chntpw/README.txt +and +.IR /usr/share/doc/chntpw/MANUAL.txt + +More documentation is available at the upstream's author site: +.BR http://pogostick.net/~pnh/ntpasswd/ + +.SH AUTHOR +This program was written by Petter N Hagen. + +This manual page was written by Javier Fernandez-Sanguino , +for the Debian GNU/Linux system (but may be used by others). diff --git a/samusrgrp.8 b/samusrgrp.8 new file mode 100644 index 0000000..773448b --- /dev/null +++ b/samusrgrp.8 @@ -0,0 +1,130 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH SAMUSRGRP 8 "6th August 2014" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +samusrgrp \- add or remove users from groups in SAM database files +.SH SYNOPSIS +.B samusrgrp +.RI [ options ] +.RI < samfile > +.br +.SH DESCRIPTION +This manual page documents briefly the +.B samusrgrp +command. +This manual page was written for the Debian distribution +because the original program does not have a manual page. +.PP +.B samusrgrp +is a non-interactive command line utility that can add or remove +a user from a local group that exists in the SAM user database of a +Microsoft Windows system (Windows NT, 2000, XP, Vista, 7, 8.1, etc.). +This file is usually located at +\\WINDOWS\\system32\\config\\SAM on the file system of a Microsoft Windows +Operating System + +On success, the program does not output any informatin and the exit code is 0. + +The binary program supports multiple names. If it is called named +.B samusrtogrp +it will assume \fB-a\fR mode (add user). If it is called named +.B samusrfromgrp +it will assume \fB-r\fR mode (remove user). + +.SH OPTIONS +.TP +.B \-h +Show summary of options. +.TP +.B \-a +The user is added to the group. This option has to be followed +by \-u and \-g . +.TP +.B \-r +The user is removed from the group. This option has to be followed +by \-u and \-g . +.TP +.B \-u +User to change. The user value can be provided as a username, or a RID number in +hexadecimal (if the username is preceded with '0x'). Usernames including +international characters will probably not work. +.TP +.B \-g +Group to change. The group can only be given as a group number, in hexadecimal, preceded with +with '0x'. +.TP +.B \-l +Lists the groups in the SAM database. +.TP +.B \-L +Lists the groups in the SAM database as well as their members. +.TP +.B \-s +Print the machine SID. +.TP +.B \-H +Output human readable output. The program by default will print a parsable table unless +this option is used. +.TP +.B \-N +Do not allocate more information, only allow the editing of existing values +with same size. +.TP +.B \-E +Do not expand the hive file (safe mode). +.TP +.B \-t +Print debug information of allocated blocks. +.TP +.B \-v +Print verbose information and debug messages. + +.SH EXAMPLES +.TP +.B samusrgrp -a -u theboss -g 0x220 SAMFILE +Adds a user named 'theboss' to the group 0x220 (Administrators) + +.TP +.B samusrgrp -a -u 0x3ea -g 0x221 SAMFILE +Adds a user with the id '0x3aa' to the group 0x221 (Users) + +.TP +.B samusrgrp -r -u 0x3ff -g 0x221 SAMFILE +Remove a user with the id '0x3ff' from the group 0x221 (Users) + +.SH KNOWN BUGS + +If the username includes international (non-ASCII) characters the program +will not (usually) find it. Use the RID number instead. + +.SH SEE ALSO +.B chntpwd, reged, sampasswd +.br +You will find more information available on how this program works, in the +text files +.IR /usr/share/doc/chntpw/README.txt +and +.IR /usr/share/doc/chntpw/MANUAL.txt + +More documentation is available at the upstream's author site: +.BR http://pogostick.net/~pnh/ntpasswd/ + +.SH AUTHOR +This program was written by Petter N Hagen. + +This manual page was written by Javier Fernandez-Sanguino , +for the Debian GNU/Linux system (but may be used by others). diff --git a/sources b/sources index 954d9c8..e597fc8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -09addfe7ae469677da39ed66d83858d3 chntpw-source-080526.zip +SHA512 (chntpw-source-140201.zip) = a26d747f6e077d1bb3e9b8077781f8c37dd978e07b7426495862f15c9004572b706c34736fc4d1ed8856b1a43335d726b4d87c688f7f9a11fd6cc3a74d71a7fa