rpms/chntpw
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:f43
rpms:main
rpms:f42
rpms:f41
rpms:f40
rpms:f39
rpms:f38
rpms:f37
rpms:f36
rpms:f35
rpms:f34
rpms:f33
rpms:f32
rpms:f31
rpms:f29
rpms:f30
rpms:f26
rpms:f27
rpms:f28
rpms:f24
rpms:f25
rpms:f23
rpms:f21
rpms:f22
rpms:f20
rpms:f19
rpms:f18
rpms:f17
rpms:f15
rpms:f16
rpms:f11
rpms:el6
rpms:f9
rpms:el5
rpms:f14
rpms:f10
rpms:f12
rpms:f13
rpms:EL-6-start
rpms:EL-6-split
rpms:F-13-start
rpms:F-13-split
rpms:chntpw-0_99_6-13_fc12
rpms:F-12-start
rpms:F-12-split
rpms:chntpw-0_99_6-12_fc12
rpms:chntpw-0_99_6-11_fc12
rpms:chntpw-0_99_6-10_fc12
rpms:chntpw-0_99_6-9_el5
rpms:chntpw-0_99_6-9_fc12
rpms:EL-5-start
rpms:EL-5-split
rpms:chntpw-0_99_6-9_fc11
rpms:chntpw-0_99_6-5_fc10_2
rpms:chntpw-0_99_6-8_fc11
rpms:chntpw-0_99_6-5_fc10_1
rpms:chntpw-0_99_6-8_fc12
rpms:chntpw-0_99_6-7_fc11
rpms:F-11-start
rpms:F-11-split
rpms:chntpw-0_99_6-6_fc11
rpms:chntpw-0_99_6-5_fc9
rpms:chntpw-0_99_6-5_fc10
rpms:chntpw-0_99_6-5_fc11
rpms:chntpw-0_99_6-4_fc11
rpms:F-9-start
rpms:F-9-split
rpms:F-10-start
rpms:F-10-split
..
compare: rpms:f15
Branches Tags
rpms:f43
rpms:main
rpms:rawhide
rpms:f42
rpms:f41
rpms:f40
rpms:f39
rpms:f38
rpms:f37
rpms:f36
rpms:f35
rpms:f34
rpms:f33
rpms:f32
rpms:f31
rpms:f29
rpms:f30
rpms:f26
rpms:f27
rpms:f28
rpms:f24
rpms:f25
rpms:f23
rpms:f21
rpms:f22
rpms:f20
rpms:f19
rpms:f18
rpms:f17
rpms:f15
rpms:f16
rpms:f11
rpms:el6
rpms:f9
rpms:el5
rpms:f14
rpms:f10
rpms:f12
rpms:f13
rpms:EL-6-start
rpms:EL-6-split
rpms:F-13-start
rpms:F-13-split
rpms:chntpw-0_99_6-13_fc12
rpms:F-12-start
rpms:F-12-split
rpms:chntpw-0_99_6-12_fc12
rpms:chntpw-0_99_6-11_fc12
rpms:chntpw-0_99_6-10_fc12
rpms:chntpw-0_99_6-9_el5
rpms:chntpw-0_99_6-9_fc12
rpms:EL-5-start
rpms:EL-5-split
rpms:chntpw-0_99_6-9_fc11
rpms:chntpw-0_99_6-5_fc10_2
rpms:chntpw-0_99_6-8_fc11
rpms:chntpw-0_99_6-5_fc10_1
rpms:chntpw-0_99_6-8_fc12
rpms:chntpw-0_99_6-7_fc11
rpms:F-11-start
rpms:F-11-split
rpms:chntpw-0_99_6-6_fc11
rpms:chntpw-0_99_6-5_fc9
rpms:chntpw-0_99_6-5_fc10
rpms:chntpw-0_99_6-5_fc11
rpms:chntpw-0_99_6-4_fc11
rpms:F-9-start
rpms:F-9-split
rpms:F-10-start
rpms:F-10-split

No commits in common. "rawhide" and "f15" have entirely different histories.
rawhide ... f15

13 changed files with 178 additions and 786 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1,3 +1,2 @@
chntpw-source-080526.zip
/chntpw-source-110511.zip
/chntpw-source-140201.zip

11
chntpw-110511-get_abs_path.patch Normal file
View file

@ -0,0 +1,11 @@
diff -ur chntpw-110511.orig/ntreg.c chntpw-110511/ntreg.c
--- chntpw-110511.orig/ntreg.c 2011-05-11 12:33:56.000000000 -0700
+++ chntpw-110511/ntreg.c 2011-11-01 13:36:13.362856892 -0700
@@ -1436,6 +1436,7 @@
}
strncpy(tmp,path,ABSPATHLEN-1);
+ tmp[ABSPATHLEN-1] = '\0';
if (key->type & 0x20)
keyname = mem_str(key->keyname, key->len_name);

83
chntpw-140201-port-to-gcrypt-debian.patch → chntpw-110511-port-to-gcrypt-debian.patch
View file

@ -1,36 +1,28 @@
01_port_to_gcrypt.patch
Paul Wise <pabs@debian.org>
Placed in the public domain
Port to libgcrypt to avoid GPL/OpenSSL incompatibility
Forwarded to Petter Nordahl-Hagen <pnordahl@eunet.no>
Updated by Philippe Coval <rzr@gna.org> for debian
--- a/chntpw.c
+++ b/chntpw.c
@@ -16,6 +16,7 @@
* 2010-jun: Syskey not visible in menu, but is selectable (2)
* 2010-apr: Interactive menu adapts to show most relevant
* selections based on what is loaded
+ * 2008-may: port to libgcrypt to avoid GPL/OpenSSL incompatibility [Debian]
* 2008-mar: Minor other tweaks
* 2008-mar: Interactive reg ed moved out of this file, into edlib.c
* 2008-mar: 64 bit compatible patch by Mike Doty, via Alon Bar-Lev
@@ -79,8 +80,14 @@
*/
diff -ur chntpw-110511.orig/chntpw.c chntpw-110511/chntpw.c
--- chntpw-110511.orig/chntpw.c 2011-05-11 12:33:56.000000000 -0700
+++ chntpw-110511/chntpw.c 2011-11-01 13:32:10.596579799 -0700
@@ -65,12 +65,19 @@
#include <sys/types.h>
#include <inttypes.h>
#ifdef DOCRYPTO
+#if defined(USEOPENSSL)
#include <openssl/des.h>
#include <openssl/md4.h>
-#define uchar u_char
#define MD4Init MD4_Init
#define MD4Update MD4_Update
#define MD4Final MD4_Final
+#elif defined(USELIBGCRYPT)
+ #include <gcrypt.h>
+#else
+ #error No DES encryption and MD4 hashing library found
+#endif
#endif
+
+#define uchar u_char
#define uchar u_char
@@ -155,7 +162,9 @@
#include "ntreg.h"
#include "sam.h"
@@ -142,7 +149,9 @@
for (i=0;i<8;i++) {
key[i] = (key[i]<<1);
}
@ -40,7 +32,7 @@ Updated by Philippe Coval <rzr@gna.org> for debian
}
/*
@@ -200,6 +209,7 @@
@@ -187,6 +196,7 @@
void E1(uchar *k, uchar *d, uchar *out)
{
@ -48,7 +40,7 @@ Updated by Philippe Coval <rzr@gna.org> for debian
des_key_schedule ks;
des_cblock deskey;
@@ -210,6 +220,15 @@
@@ -197,6 +207,15 @@
des_set_key((des_cblock *)deskey,ks);
#endif /* __FreeBsd__ */
des_ecb_encrypt((des_cblock *)d,(des_cblock *)out, ks, DES_ENCRYPT);
@ -63,33 +55,35 @@ Updated by Philippe Coval <rzr@gna.org> for debian
+#endif
}
#endif /* DOCRYPTO */
@@ -343,9 +362,16 @@
int i;
char md4[32],lanman[32];
char newunipw[34], despw[20], newlanpw[16], newlandes[20];
@@ -504,10 +523,18 @@
int dontchange = 0;
struct user_V *v;
+#ifdef USEOPENSSL
des_key_schedule ks1, ks2;
des_cblock deskey1, deskey2;
MD4_CTX context;
+#elif defined(USELIBGCRYPT)
+ gcry_cipher_hd_t ks1, ks2;
+ uchar deskey1[8], deskey2[8];
+
+ unsigned char *p;
+ gcry_md_hd_t context;
+#endif
unsigned char digest[16];
uchar x1[] = {0x4B,0x47,0x53,0x21,0x40,0x23,0x24,0x25};
#endif
@@ -460,6 +486,7 @@
unsigned short acb;
@@ -621,6 +648,7 @@
hexprnt("Crypted LM pw: ",(unsigned char *)(vp+lmpw_offs),16);
}
#ifdef DOCRYPTO
+#if defined(USEOPENSSL)
/* Get the two decrpt keys. */
sid_to_key1(rid,(unsigned char *)deskey1);
des_set_key((des_cblock *)deskey1,ks1);
@@ -477,6 +504,25 @@
@@ -638,6 +666,25 @@
(des_cblock *)lanman, ks1, DES_DECRYPT);
des_ecb_encrypt((des_cblock *)(vp+lmpw_offs + 8),
(des_cblock *)&lanman[8], ks2, DES_DECRYPT);
@ -115,7 +109,7 @@ Updated by Philippe Coval <rzr@gna.org> for debian
if (gverbose) {
hexprnt("MD4 hash : ",(unsigned char *)md4,16);
@@ -544,9 +590,17 @@
@@ -693,9 +740,17 @@
/* printf("Ucase Lanman: %s\n",newlanpw); */
@ -133,7 +127,7 @@ Updated by Philippe Coval <rzr@gna.org> for debian
if (gverbose) hexprnt("\nNEW MD4 hash : ",digest,16);
@@ -555,6 +609,7 @@
@@ -704,6 +759,7 @@
if (gverbose) hexprnt("NEW LANMAN hash : ",(unsigned char *)lanman,16);
@ -141,7 +135,7 @@ Updated by Philippe Coval <rzr@gna.org> for debian
/* Encrypt the NT md4 password hash as two 8 byte blocks. */
des_ecb_encrypt((des_cblock *)digest,
(des_cblock *)despw, ks1, DES_ENCRYPT);
@@ -565,6 +620,18 @@
@@ -714,6 +770,18 @@
(des_cblock *)newlandes, ks1, DES_ENCRYPT);
des_ecb_encrypt((des_cblock *)(lanman+8),
(des_cblock *)&newlandes[8], ks2, DES_ENCRYPT);
@ -160,9 +154,11 @@ Updated by Philippe Coval <rzr@gna.org> for debian
if (gverbose) {
hexprnt("NEW DES crypt : ",(unsigned char *)despw,16);
--- a/Makefile
+++ b/Makefile
@@ -2,28 +2,10 @@
diff -ur chntpw-110511.orig/Makefile chntpw-110511/Makefile
--- chntpw-110511.orig/Makefile 2011-05-11 12:33:56.000000000 -0700
+++ chntpw-110511/Makefile 2011-11-01 13:32:10.598579767 -0700
@@ -1,28 +1,11 @@
#
# Makefile for the Offline NT Password Editor
#
-#
@ -187,9 +183,8 @@ Updated by Philippe Coval <rzr@gna.org> for debian
-
-
-# This is to link with whatever we have, SSL crypto lib we put in static
-#LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a
-LIBS=-L$(OSSLLIB)
-LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a
+LIBS=$(shell libgcrypt-config --libs)
all: chntpw chntpw.static cpnt reged reged.static
all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static

34
chntpw-140201-fix-bogus-errno-use.patch
View file

@ -1,34 +0,0 @@
diff -u chntpw-140201.orig/ntreg.c chntpw-140201/ntreg.c
--- chntpw-140201.orig/ntreg.c 2019-06-22 13:09:59.583717369 -0700
+++ chntpw-140201/ntreg.c 2019-06-22 13:16:26.714726148 -0700
@@ -4241,10 +4241,13 @@
do { /* On some platforms read may not block, and read in chunks. handle that */
r = read(hdesc->filedesc, hdesc->buffer + rt, hdesc->size - rt);
rt += r;
- } while ( !errno && (rt < hdesc->size) );
+ } while ( r > 0 && (rt < hdesc->size) );
- if (errno) {
- perror("openHive(): read error: ");
+ if (r <= 0) {
+ if (r < 0)
+ perror("openHive(): read error");
+ else
+ fprintf(stderr, "openHive(): read error: unexpected EOF\n");
closeHive(hdesc);
return(NULL);
}
@@ -4255,10 +4258,10 @@
return(NULL);
}
- if (r < sizeof (*hdesc)) {
+ if (rt < sizeof (*hdesc)) {
fprintf(stderr,
- "file is too small; got %d bytes while expecting %d or more\n",
- r, sizeof (*hdesc));
+ "file is too small; got %d bytes while expecting %zu or more\n",
+ rt, sizeof (*hdesc));
closeHive(hdesc);
return(NULL);
}

10
chntpw-140201-get_abs_path.patch
View file

@ -1,10 +0,0 @@
--- chntpw-140201/ntreg.c.orig 2014-02-01 08:54:37.000000000 -0800
+++ chntpw-140201/ntreg.c 2018-07-02 16:10:39.625152640 -0700
@@ -1511,6 +1511,7 @@
}
strncpy(tmp,path,ABSPATHLEN-1);
+ tmp[ABSPATHLEN-1] = '\0';
if (key->type & 0x20)
keyname = mem_str(key->keyname, key->len_name);

21
chntpw-140201-hexdump-pointer-type.patch
View file

@ -1,21 +0,0 @@
diff -urN chntpw-140201.orig/libsam.c chntpw-140201/libsam.c
--- chntpw-140201.orig/libsam.c 2014-02-01 08:54:37.000000000 -0800
+++ chntpw-140201/libsam.c 2024-08-03 15:31:41.817601486 -0700
@@ -511,7 +511,7 @@
if (gverbose) printf("put_grp_members_sid: ajusted: mofs = %x, mlen = %x (%d)\n", mofs + 0x34 ,mlen,mlen);
- if (gverbose) hexdump(&c->data, 0, c->len, 1);
+ if (gverbose) hexdump((char*)&c->data, 0, c->len, 1);
/* Get total size of new SID data */
@@ -539,7 +539,7 @@
cd->members_len = sidlen; /* Update member count in C struct */
cd->grp_members = i;
- if (gverbose) hexdump(&c->data, 0, c->len, 1);
+ if (gverbose) hexdump((char*)&c->data, 0, c->len, 1);
if (!put_buf2val(hdesc, c, 0, g, 0, TPF_VK_EXACT)) {
fprintf(stderr,"put_grp_members_sid: could not write back group info in value %s\n",g);

96
chntpw-chntpw.8 Normal file
View file

@ -0,0 +1,96 @@
.\" Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH CHNTPW 8 "30th May 2002"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh disable hyphenation
.\" .hy enable hyphenation
.\" .ad l left justify
.\" .ad b justify to both left and right margins
.\" .nf disable filling
.\" .fi enable filling
.\" .br insert line break
.\" .sp <n> insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
chntpw \- utility to overwrite Windows NT/2000 SAM passwords
.SH SYNOPSIS
.B chntpw
.RI [ options ]
.RI < samfile >
.RI [ systemfile ]
.RI [ securityfile ]
.RI [ otherreghive ]
.RI [...]
.br
.SH DESCRIPTION
This manual page documents briefly the
.B chntpw
command.
This manual page was written for the Debian distribution
because the original program does not have a manual page.
.PP
.B chntpw
is a utility to view some information and change user passwords
in a Windows NT/2000 SAM userdatabase file. It is not necessary to
know the old passwords to reset them. In addition it contains a
simple registry editor (same size data writes)
and hex-editor with which the information contained in a registry
file can be browsed and modified.
.SH OPTIONS
.TP
.B \-h
Show summary of options.
.TP
.B \-u username
Username to change. Default is Administrator
.TP
.B \-l
List all users in the SAM database.
.TP
.B \-i
Interactive: list all users (as per \-l) and then ask for the
user to change.
.TP
.B \-e
Registry editor with limited capabilities.
.TP
.B \-d
Use buffer debugger.
.TP
.B \-t
Show hexdumps of structs/segments (deprecated debug function).
.SH EXAMPLES
.TP
.B chntpw sam system
Opens registry hives
.B sam
and
.B system
and change administrator account. This will work even if the name
has been changed or it has been localized (since different language
versions of NT use different administrator names).
.TP
.B chntpw -u jabbathehutt mysam
Prompts for password for
.B jabbathehutt
and changes it in the
.B mysam
registry file, if found (otherwise do nothing)
.SH SEE ALSO
If you are looking for an automated procedure for password
recovery, you might look at the bootdisks provided by the
upstream author at
.BR http://home.eunet.no/~pnordahl/ntpasswd/
.br
There is more information on how this program works available at
.IR /usr/share/doc/chntpw .
This information includes in-depth information on how the
registry works, what are syskeys and some other issues.
.SH AUTHOR
This manual page was written by
Javier Fernandez-Sanguino <jfs@computer.org>,
for the Debian GNU/Linux system (but may be used by others).

157
chntpw.8
View file

@ -1,157 +0,0 @@
.\" Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH CHNTPW 8 "13th March 2010"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh disable hyphenation
.\" .hy enable hyphenation
.\" .ad l left justify
.\" .ad b justify to both left and right margins
.\" .nf disable filling
.\" .fi enable filling
.\" .br insert line break
.\" .sp <n> insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
chntpw \- utility to overwrite passwords of Windows systems
.SH SYNOPSIS
.B chntpw
.RI [ options ]
.RI < samfile >
.RI [ systemfile ]
.RI [ securityfile ]
.RI [ otherreghive ]
.RI [...]
.br
.SH DESCRIPTION
This manual page documents briefly the
.B chntpw
command.
This manual page was written for the Debian distribution
because the original program does not have a manual page.
.PP
.B chntpw
is a utility to view some information and reset user passwords
in a Windows NT/2000 SAM userdatabase file used by Microsoft Windows
Operating System (in NT3.x and later versions). This file is usually located at
\\WINDOWS\\system32\\config\\SAM on the Windows file system. It is not necessary to
know the previous passwords to reset them. In addition it contains a simple
registry editor and ahex-editor with which the information contained in a
registry file can be browsed and modified.
This program should be able to handle both 32 and 64 bit Microsoft Windows and
all versions from NT3.x up to Win8.1.
.SH OPTIONS
.TP
.B \-h
Show a summary of options.
.TP
.B \-u username
Username or username ID (RID) to change. The default is 'Administrator'.
.TP
.B \-l
List all users in the SAM database and exit.
.TP
.B \-i
Interactive Menu system: list all users (as per \-l option) and then ask for the
user to change.
.TP
.B \-e
Registry editor with limited capabilities (but it does include write support). For a
slightly more powerful editor see
.B reged
.TP
.B \-d
Use buffer debugger instead (hex editor)
.B \-L
Log all changed filenames to /tmp/changed. When this option is set the
program automatically saves the changes in the hive files without prompting the
user.
Be careful when using the \fB-L\fR option as a root user in a multiuser system.
The filename is fixed and this can be used by malicious users (dropping a
symlink with the same name) to overwrite system files.
.TP
.B \-N
Do not allocate more information, only allow the editing of existing values
with same size.
.TP
.B \-E
Do not expand the hive file (safe mode).
.TP
.B \-v
Print verbose information and debug messages.
.SH EXAMPLES
.TP
.B ntfs-3g /dev/sda1 /media/win ; cd /media/win/WINDOWS/system32/config/
Mount the Windows file system and enters the directory
.B \\\\WINDOWS\\\\system32\\\\config
where Windows stores the SAM database.
.TP
.B chntpw SAM system
Opens registry hives
.B SAM
and
.B system
and change administrator account. This will work even if the name
has been changed or it has been localized (since different language
versions of NT use different administrator names).
.TP
.B chntpw -l SAM
Lists the users defined in the
.B SAM
registry file.
.TP
.B chntpw -u jabbathehutt SAM
Prompts for password for
.B jabbathehutt
and changes it in the
.B SAM
registry file, if found (otherwise do nothing).
.SH KNOWN BUGS
This program uses undocumented structures in the SAM database. Use with
caution (i.e. make sure you make a backup of the file before any changes
are done).
Password changing is only possible if the program has been specifically
compiled with some cryptographic functions. This feature, however, only
works properly in Windows NT and Windows 2000 systems. It might not
work properly in Windows XP, Vista, Win7, Win8 and later systems.
In the Debian distribution this feature is not enabled.
.SH SEE ALSO
.B reged, samusrgrp, sampasswd
If you are looking for an automated procedure for password
recovery, you might want to check the bootdisks (can be used in CD
and USB drives) provided by the upstream author at
.BR http://pogostick.net/~pnh/ntpasswd/
.br
You will find more information available on how this program works, including
in-depth details on how the registry works, in the text files
.IR /usr/share/doc/chntpw/README.txt
and
.IR /usr/share/doc/chntpw/MANUAL.txt
.SH AUTHOR
This program was written by Petter N Hagen.
This manual page was written by Javier Fernandez-Sanguino <jfs@debian.org>,
for the Debian GNU/Linux system (but may be used by others).

179
chntpw.spec
View file

@ -1,28 +1,24 @@
Name: chntpw
# Version is taken from HISTORY.txt
Version: 1.00
Release: 20.140201%{?dist}
Version: 0.99.6
Release: 17.110511%{?dist}
Summary: Change passwords in Windows SAM files
# Automatically converted from old format: GPLv2 - review is highly recommended.
License: GPL-2.0-only
URL: http://pogostick.net/~pnh/ntpasswd/
Source0: http://pogostick.net/~pnh/ntpasswd/chntpw-source-140201.zip
Group: Applications/Engineering
License: GPLv2
URL: http://pogostick.net/~pnh/ntpasswd/
Source0: http://pogostick.net/~pnh/ntpasswd/chntpw-source-110511.zip
Source2: chntpw-README.Dist
# The man pages are borrowed from Debian
Source10: chntpw.8
Source11: reged.8
Source12: sampasswd.8
Source13: samusrgrp.8
# The man page is borrowed from Debian
Source3: chntpw-chntpw.8
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gcc
BuildRequires: libgcrypt-devel
BuildRequires: make
# Patches sent upstream on 2009-06-08.
Patch1: chntpw-140201-get_abs_path.patch
Patch1: chntpw-110511-get_abs_path.patch
# Patch from Debian (RHBZ#504595).
Patch3: chntpw-140201-port-to-gcrypt-debian.patch
Patch3: chntpw-110511-port-to-gcrypt-debian.patch
# Patches from Jim Meyering to improve robustness of the code.
Patch4: chntpw-110511-robustness.patch
@ -30,175 +26,62 @@ Patch5: chntpw-080526-correct-test-for-failing-open-syscall.patch
Patch6: chntpw-110511-detect-failure-to-write-key.patch
Patch7: chntpw-110511-reged-no-deref-null.patch
# Patch derived from Oleg Samarin (RHBZ#1645886)
Patch8: chntpw-140201-fix-bogus-errno-use.patch
# Cast around new GCC error for mismatched pointer arguments
Patch9: chntpw-140201-hexdump-pointer-type.patch
%description
This is a utility to (re)set the password of any user that has a valid
(local) account on your Windows NT/2k/XP/Vista etc system. You do not
need to know the old password to set a new one. It works offline, that
is, you have to shutdown your computer and boot off a floppy disk or CD
is, you have to shutdown your computer and boot off a floppydisk or CD
or another system. Will detect and offer to unlock locked or disabled
out user accounts! There is also a registry editor and other registry
utilities that works under Linux/Unix, and can be used for other things
utilities that works under linux/unix, and can be used for other things
than password editing.
%prep
%setup -q -n %{name}-140201
%setup -q -n %{name}-110511
cp -p %{SOURCE2} README.Dist
sed -e 's/\r$//' WinReg.txt > WinReg.txt.eol
touch -c -r WinReg.txt WinReg.txt.eol
mv WinReg.txt.eol WinReg.txt
%patch -P1 -p1
%patch -P3 -p1
%patch -P4 -p1
%patch -P5 -p1
%patch -P6 -p1
%patch -P7 -p1
%patch -P8 -p1
%patch -P9 -p1
%patch1 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%build
make CC="%__cc" EXTRA_CFLAGS="$RPM_OPT_FLAGS" \
chntpw cpnt reged sampasswd samusrgrp
make CC="%__cc" EXTRA_CFLAGS="$RPM_OPT_FLAGS" chntpw cpnt reged
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{_bindir}
cp chntpw cpnt reged sampasswd samusrgrp $RPM_BUILD_ROOT%{_bindir}
cp chntpw $RPM_BUILD_ROOT%{_bindir}
cp cpnt $RPM_BUILD_ROOT%{_bindir}
cp reged $RPM_BUILD_ROOT%{_bindir}
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8/
cp -p %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \
$RPM_BUILD_ROOT%{_mandir}/man8/
cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%doc GPL.txt LGPL.txt README.txt regedit.txt WinReg.txt HISTORY.txt
%doc README.Dist
%{_bindir}/chntpw
%{_bindir}/cpnt
%{_bindir}/reged
%{_bindir}/sampasswd
%{_bindir}/samusrgrp
%{_mandir}/man8/*.8*
%{_mandir}/man8/%{name}.8*
%changelog
* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-20.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-19.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Aug 03 2024 Conrad Meyer <cemeyer@uw.edu> - 1.00-18.140201
- Add fix for rhbz# 2300591.
* Mon Jul 29 2024 Miroslav Suchý <msuchy@redhat.com> - 1.00-17.140201
- convert license to SPDX
* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-16.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-15.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-14.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-13.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-12.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-11.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-10.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-9.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-8.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-7.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-6.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-5.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Jun 22 2019 Conrad Meyer <cemeyer@uw.edu> - 1.00-4.140201
- Add fix for rhbz# 1645886. Thanks Oleg Samarin.
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-3.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jul 19 2018 Conrad Meyer <cemeyer@uw.edu> - 1.00-2.140201
- Add missing GCC BR after removal from buildroot
- Unfuck version number bumped incorrectly by RE
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.00-1.140201
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jul 02 2018 Conrad Meyer <cemeyer@uw.edu> - 1.00-0.140201
- Update to latest upstream, 1.00 / 140201
- Rebase patches as needed
- Import additional and enhanced manual pages from Debian
- Adds two new binaries: sampasswd and samusrgrp
- Clean up rpmlint warnings (tabs, spelling, log date)
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.99.6-30.110511
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.99.6-29.110511
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.99.6-28.110511
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.99.6-27.110511
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.99.6-26.110511
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.99.6-25.110511
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.99.6-24.110511
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.99.6-23.110511
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Apr 23 2014 Tomáš Mráz <tmraz@redhat.com> - 0.99.6-22.110511
- Rebuild for new libgcrypt
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.99.6-21.110511
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.99.6-20.110511
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.99.6-19.110511
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.99.6-18.110511
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Sun Dec 18 2011 Conrad Meyer <konrad@tylerc.org> - 0.99.6-17.110511
- Fix 'robustness' patch (#755622)
@ -239,7 +122,7 @@ cp -p %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \
* Thu Jan 15 2009 Tomas Mraz <tmraz@redhat.com> - 0.99.6-6
- rebuild with new openssl
* Sun Oct 12 2008 Conrad Meyer <konrad@tylerc.org> - 0.99.6-5
* Sun Oct 11 2008 Conrad Meyer <konrad@tylerc.org> - 0.99.6-5
- Bump because force-tag was removed. Please add it back.
* Sat Oct 11 2008 Conrad Meyer <konrad@tylerc.org> - 0.99.6-4

120
reged.8
View file

@ -1,120 +0,0 @@
.\" Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH REGED 8 "6th August 2014"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh disable hyphenation
.\" .hy enable hyphenation
.\" .ad l left justify
.\" .ad b justify to both left and right margins
.\" .nf disable filling
.\" .fi enable filling
.\" .br insert line break
.\" .sp <n> insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
reged \- utility to export/import and edit a Windows registry hives
.SH SYNOPSIS
.B reged
.RI [ options ]
.RI -x <registryhivefile> <prefixstring> <key> <output.reg>
.B reged
.RI [ options ]
.RI -I <registryhivefile> <prefixstring> <input.reg>
.B reged
.RI [ options ]
.RI -e <registryhivefile>
.br
.SH DESCRIPTION
This manual page documents briefly the
.B reged
command.
This manual page was written for the Debian distribution
because the original program does not have a manual page.
.PP
.B reged
is the an interactive command line utility that can be used to
export, import or edit a Microsoft Windows registry hive.
.SH OPTIONS
.TP
.B \-h
Show summary of options.
.TP
.B \-x <registryhivefile> <prefixstring> <key> <output.reg>
Export parts of a hive file to a text registry (.reg) file.
Prefixstring indicates the part of the registry hive to dump (for example
HKEY_LOCAL_MACHINE\\SOFTWARE). The <key> parameter defines the key to dump
(recursively). You can use \\ or \\\\ to list all the keys in the hive file.
Only one hive file and one .reg file can be defined.
.TP
.B \-I <registryhivefile> <prefixstring> <input.reg>
Import the content of the input.reg file into the registry file. The value
<prefixstring> can be any valid prefix, for example is
HKEY_LOCAL_MACHINE\\SOFTWARE.
Only one .reg and one hive file supported at the same time
.TP
.B \-e <registryhive> ...
Interactive edit one or more registry files.
.TP
.B \-L
Log all changed filenames to /tmp/changed. When this option is set the
program automatically saves the changes in the hive files without prompting the
user.
Be careful when using the \fB-L\fR option as a root user in a multiuser system.
The filename is fixed and this can be used by malicious users (dropping a
symlink with the same name) to overwrite system files.
.TP
.B \-C
Automatically save all changes. Do not prompt the user.
.TP
.B \-N
Do not allocate more information, only allow the editing of existing values with same size.
.TP
.B \-E
Do not expand the hive file (safe mode).
.TP
.B \-t
Print debug information of allocated blocks.
.TP
.B \-v
Print verbose information and debug messages.
.SH KNOWN BUGS
There are many \fBunknown\fR bugs. If you find bugs please report them to the author.
.SH SEE ALSO
.B chntpwd, samusrgrp, sampasswd
.br
You will find more information available on how this program works, in the
text files
.IR /usr/share/doc/chntpw/README.txt
and
.IR /usr/share/doc/chntpw/MANUAL.txt
.SH AUTHOR
This program was written by Petter N Hagen.
This manual page was written by Javier Fernandez-Sanguino <jfs@debian.org>,
for the Debian GNU/Linux system (but may be used by others).

120
sampasswd.8
View file

@ -1,120 +0,0 @@
.\" Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH SAMPASSWD 8 "6th August 2014"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh disable hyphenation
.\" .hy enable hyphenation
.\" .ad l left justify
.\" .ad b justify to both left and right margins
.\" .nf disable filling
.\" .fi enable filling
.\" .br insert line break
.\" .sp <n> insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
sampasswd \- reset passwords of users in the SAM user database
.SH SYNOPSIS
.B sampasswd
.RI [ options ]
.RI -u user
.RI < samfile >
.br
.SH DESCRIPTION
This manual page documents briefly the
.B sampasswd
command.
This manual page was written for the Debian distribution
because the original program does not have a manual page.
.PP
.B sampasswd
is a non-interactive command line utility that can reset a user's
password and/or the user's account bits from the SAM user database file of a
Microsoft Windows system (Windows NT, 2000, XP, Vista, 7, 8.1, etc.).
This file is usually located at
\\WINDOWS\\system32\\config\\SAM on the file system of a Microsoft Windows
Operating System
On success, the program does not output any informatin and the exit code is 0.
.SH OPTIONS
.TP
.B \-h
Show summary of options.
.TP
.B \-r
Reset the user's password.
.TP
.B \-a
Reset all the users. If this option is used there is no need to specify the next option.
.TP
.B \-u <user>
User to change. The user value can be provided as a username, or a RID number in
hexadecimal (if the username is preceded with '0x'). Usernames including
international characters will probably not work.
.TP
.B \-l
Lists the users in the SAM database.
.TP
.B \-H
Output human readable output. The program by default will print a parsable table unless
this option is used.
.TP
.B \-N
Do not allocate more information, only allow the editing of existing values with same size.
.TP
.B \-E
Do not expand the hive file (safe mode).
.TP
.B \-t
Print debug information of allocated blocks.
.TP
.B \-v
Print verbose information and debug messages.
.SH EXAMPLES
.TP
.B sampasswd -r -u theboss
Reset the password of a user named 'theboss', if found.
.TP
.B sampasswd -r -u 0x3ea
Reset the password of the user with RID '0x3a'.
.TP
.B samusrgrp -r -a
Reset the password of all the users in the Administrator's group (0x220)
.TP
.B samusrgrp -r -f
Reset the password of the administrative users with the lowest RID number.
This does not include the built-in administrator (0x1f4) unless no other
administrative user can be found in the database file.
.SH KNOWN BUGS
If the username includes international (non-ASCII) characters the program
will not (usually) find it. Use the RID number instead.
.SH SEE ALSO
.B chntpwd, reged, samusrgrp
.br
You will find more information available on how this program works, in the
text files
.IR /usr/share/doc/chntpw/README.txt
and
.IR /usr/share/doc/chntpw/MANUAL.txt
More documentation is available at the upstream's author site:
.BR http://pogostick.net/~pnh/ntpasswd/
.SH AUTHOR
This program was written by Petter N Hagen.
This manual page was written by Javier Fernandez-Sanguino <jfs@debian.org>,
for the Debian GNU/Linux system (but may be used by others).

130
samusrgrp.8
View file

@ -1,130 +0,0 @@
.\" Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH SAMUSRGRP 8 "6th August 2014"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh disable hyphenation
.\" .hy enable hyphenation
.\" .ad l left justify
.\" .ad b justify to both left and right margins
.\" .nf disable filling
.\" .fi enable filling
.\" .br insert line break
.\" .sp <n> insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
samusrgrp \- add or remove users from groups in SAM database files
.SH SYNOPSIS
.B samusrgrp
.RI [ options ]
.RI < samfile >
.br
.SH DESCRIPTION
This manual page documents briefly the
.B samusrgrp
command.
This manual page was written for the Debian distribution
because the original program does not have a manual page.
.PP
.B samusrgrp
is a non-interactive command line utility that can add or remove
a user from a local group that exists in the SAM user database of a
Microsoft Windows system (Windows NT, 2000, XP, Vista, 7, 8.1, etc.).
This file is usually located at
\\WINDOWS\\system32\\config\\SAM on the file system of a Microsoft Windows
Operating System
On success, the program does not output any informatin and the exit code is 0.
The binary program supports multiple names. If it is called named
.B samusrtogrp
it will assume \fB-a\fR mode (add user). If it is called named
.B samusrfromgrp
it will assume \fB-r\fR mode (remove user).
.SH OPTIONS
.TP
.B \-h
Show summary of options.
.TP
.B \-a
The user is added to the group. This option has to be followed
by \-u and \-g .
.TP
.B \-r
The user is removed from the group. This option has to be followed
by \-u and \-g .
.TP
.B \-u <user>
User to change. The user value can be provided as a username, or a RID number in
hexadecimal (if the username is preceded with '0x'). Usernames including
international characters will probably not work.
.TP
.B \-g <group>
Group to change. The group can only be given as a group number, in hexadecimal, preceded with
with '0x'.
.TP
.B \-l
Lists the groups in the SAM database.
.TP
.B \-L
Lists the groups in the SAM database as well as their members.
.TP
.B \-s
Print the machine SID.
.TP
.B \-H
Output human readable output. The program by default will print a parsable table unless
this option is used.
.TP
.B \-N
Do not allocate more information, only allow the editing of existing values
with same size.
.TP
.B \-E
Do not expand the hive file (safe mode).
.TP
.B \-t
Print debug information of allocated blocks.
.TP
.B \-v
Print verbose information and debug messages.
.SH EXAMPLES
.TP
.B samusrgrp -a -u theboss -g 0x220 SAMFILE
Adds a user named 'theboss' to the group 0x220 (Administrators)
.TP
.B samusrgrp -a -u 0x3ea -g 0x221 SAMFILE
Adds a user with the id '0x3aa' to the group 0x221 (Users)
.TP
.B samusrgrp -r -u 0x3ff -g 0x221 SAMFILE
Remove a user with the id '0x3ff' from the group 0x221 (Users)
.SH KNOWN BUGS
If the username includes international (non-ASCII) characters the program
will not (usually) find it. Use the RID number instead.
.SH SEE ALSO
.B chntpwd, reged, sampasswd
.br
You will find more information available on how this program works, in the
text files
.IR /usr/share/doc/chntpw/README.txt
and
.IR /usr/share/doc/chntpw/MANUAL.txt
More documentation is available at the upstream's author site:
.BR http://pogostick.net/~pnh/ntpasswd/
.SH AUTHOR
This program was written by Petter N Hagen.
This manual page was written by Javier Fernandez-Sanguino <jfs@debian.org>,
for the Debian GNU/Linux system (but may be used by others).

2
sources
View file

@ -1 +1 @@
SHA512 (chntpw-source-140201.zip) = a26d747f6e077d1bb3e9b8077781f8c37dd978e07b7426495862f15c9004572b706c34736fc4d1ed8856b1a43335d726b4d87c688f7f9a11fd6cc3a74d71a7fa
a3fb358d1adec589cd6bc8dedf68896c chntpw-source-110511.zip