Code
Sign up
Login
New paste
Home
Trending
Archive
English
Deutsch
English
Sign up
Login
New Paste
Browse
demo@mx1:/ $ setxkbmap de demo@mx1:/ $ lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS loop0 7:0 0 2.6G 1 loop /live/linux sda 8:0 0 1.8T 0 disk ├─sda1 8:1 0 100M 0 part ├─sda2 8:2 0 16M 0 part ├─sda3 8:3 0 1.8T 0 part /mnt/windows └─sda4 8:4 0 773M 0 part sdb 8:16 1 7.3G 0 disk └─sdb1 8:17 1 7.3G 0 part /home/demo/Live-usb-storage /root/Live-usb-storage /live/boot-dev sr0 11:0 1 1024M 0 rom demo@mx1:/ $ blkid /dev/sda1: UUID="6E47-6871" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="17554526-8baf-448a-9274-45d78c622af0" /dev/sda3: BLOCK_SIZE="512" UUID="A2F44987F4495F23" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="c06d52cc-18d6-4e20-9244-6b6f65924c14" /dev/sda4: BLOCK_SIZE="512" UUID="4C3EE1243EE10832" TYPE="ntfs" PARTUUID="73ab11e5-405c-46ee-af26-56d9cdaa3362" /dev/sdb1: LABEL="MX-LIVE" UUID="BEBD-B6AD" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="1371a1ae-01" demo@mx1:/ $ sudo apt-get install os-prober Reading package lists... Done Building dependency tree... Done Reading state information... Done os-prober is already the newest version (1.81). 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. demo@mx1:/ $ sudo os-prober demo@mx1:/ $ cd /var/log/ demo@mx1:/var/log $ cat user.log cat: user.log: Permission denied demo@mx1:/var/log $ sudo cat user.log 2024-12-27T15:31:59.764056-05:00 mx1 spice-vdagent[4369]: vdagent virtio channel /dev/virtio-ports/com.redhat.spice.0 does not exist, exiting 2024-12-27T16:22:11.943502-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/50mounted-tests on /dev/sda1 2024-12-27T16:22:11.983523-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/50mounted-tests on /dev/sda2 2024-12-27T16:22:12.005131-05:00 mx1 50mounted-tests: debug: /dev/sda2 type not recognised; skipping 2024-12-27T16:22:12.009715-05:00 mx1 os-prober: debug: os detected by /usr/lib/os-probes/50mounted-tests 2024-12-27T16:22:12.025361-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/50mounted-tests on /dev/sda3 2024-12-27T16:22:12.057342-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/50mounted-tests on /dev/sda4 2024-12-27T16:22:12.105130-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/05efi on mounted /dev/sdb1 2024-12-27T16:22:12.112287-05:00 mx1 05efi: debug: Not on UEFI platform 2024-12-27T16:22:12.117062-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/10freedos on mounted /dev/sdb1 2024-12-27T16:22:12.124132-05:00 mx1 10freedos: debug: /dev/sdb1 is a FAT32 partition 2024-12-27T16:22:12.132615-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/10qnx on mounted /dev/sdb1 2024-12-27T16:22:12.139776-05:00 mx1 10qnx: debug: /dev/sdb1 is not a QNX4 partition: exiting 2024-12-27T16:22:12.144340-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/20macosx on mounted /dev/sdb1 2024-12-27T16:22:12.151427-05:00 mx1 macosx-prober: debug: /dev/sdb1 is not an HFS+ partition: exiting 2024-12-27T16:22:12.156096-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/20microsoft on mounted /dev/sdb1 2024-12-27T16:22:12.163318-05:00 mx1 20microsoft: debug: /dev/sdb1 is a FAT32 partition 2024-12-27T16:22:12.182596-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/30utility on mounted /dev/sdb1 2024-12-27T16:22:12.189760-05:00 mx1 30utility: debug: /dev/sdb1 is a FAT32 partition 2024-12-27T16:22:12.201885-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/40lsb on mounted /dev/sdb1 2024-12-27T16:22:12.209589-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/70hurd on mounted /dev/sdb1 2024-12-27T16:22:12.217028-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/80minix on mounted /dev/sdb1 2024-12-27T16:22:12.224330-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/83haiku on mounted /dev/sdb1 2024-12-27T16:22:12.231416-05:00 mx1 83haiku: debug: /dev/sdb1 is not a BeFS partition: exiting 2024-12-27T16:22:12.236116-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/90linux-distro on mounted /dev/sdb1 2024-12-27T16:22:12.250550-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/90solaris on mounted /dev/sdb1 2024-12-27T16:22:21.384742-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/50mounted-tests on /dev/sda1 2024-12-27T16:22:21.744410-05:00 mx1 50mounted-tests: debug: mounted using GRUB fat filesystem driver 2024-12-27T16:22:21.749441-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/05efi 2024-12-27T16:22:21.756160-05:00 mx1 05efi: debug: Not on UEFI platform 2024-12-27T16:22:21.760736-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/10freedos 2024-12-27T16:22:21.767495-05:00 mx1 10freedos: debug: /dev/sda1 is a FAT partition (mounted by GRUB) 2024-12-27T16:22:21.776282-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/10qnx 2024-12-27T16:22:21.783084-05:00 mx1 10qnx: debug: /dev/sda1 is not a QNX4 partition: exiting 2024-12-27T16:22:21.787622-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/20macosx 2024-12-27T16:22:21.794402-05:00 mx1 macosx-prober: debug: /dev/sda1 is not an HFS+ partition: exiting 2024-12-27T16:22:21.798947-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/20microsoft 2024-12-27T16:22:21.805798-05:00 mx1 20microsoft: debug: /dev/sda1 is a FAT partition (mounted by GRUB) 2024-12-27T16:22:21.826476-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/30utility 2024-12-27T16:22:21.833392-05:00 mx1 30utility: debug: /dev/sda1 is a FAT partition (mounted by GRUB) 2024-12-27T16:22:21.845967-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/40lsb 2024-12-27T16:22:21.853230-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/70hurd 2024-12-27T16:22:21.860399-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/80minix 2024-12-27T16:22:21.867438-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/83haiku 2024-12-27T16:22:21.874229-05:00 mx1 83haiku: debug: /dev/sda1 is not a BeFS partition: exiting 2024-12-27T16:22:21.878914-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/90linux-distro 2024-12-27T16:22:21.894437-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/90solaris 2024-12-27T16:22:21.901881-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/efi 2024-12-27T16:22:21.928222-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/50mounted-tests on /dev/sda2 2024-12-27T16:22:21.993571-05:00 mx1 50mounted-tests: debug: /dev/sda2 type not recognised; skipping 2024-12-27T16:22:21.998587-05:00 mx1 os-prober: debug: os detected by /usr/lib/os-probes/50mounted-tests 2024-12-27T16:22:22.014043-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/50mounted-tests on /dev/sda3 2024-12-27T16:22:22.305299-05:00 mx1 50mounted-tests: debug: mounted using GRUB ntfs filesystem driver 2024-12-27T16:22:22.309713-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/05efi 2024-12-27T16:22:22.316426-05:00 mx1 05efi: debug: Not on UEFI platform 2024-12-27T16:22:22.320891-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/10freedos 2024-12-27T16:22:22.327677-05:00 mx1 10freedos: debug: /dev/sda3 is not a FAT partition: exiting 2024-12-27T16:22:22.332131-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/10qnx 2024-12-27T16:22:22.338912-05:00 mx1 10qnx: debug: /dev/sda3 is not a QNX4 partition: exiting 2024-12-27T16:22:22.343388-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/20macosx 2024-12-27T16:22:22.350443-05:00 mx1 macosx-prober: debug: /dev/sda3 is not an HFS+ partition: exiting 2024-12-27T16:22:22.354919-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/20microsoft 2024-12-27T16:22:22.361954-05:00 mx1 20microsoft: debug: /dev/sda3 is a NTFS partition 2024-12-27T16:22:23.025233-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/30utility 2024-12-27T16:22:23.033023-05:00 mx1 30utility: debug: /dev/sda3 is not a FAT partition: exiting 2024-12-27T16:22:23.038130-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/40lsb 2024-12-27T16:22:23.046082-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/70hurd 2024-12-27T16:22:23.053389-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/80minix 2024-12-27T16:22:23.060411-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/83haiku 2024-12-27T16:22:23.067176-05:00 mx1 83haiku: debug: /dev/sda3 is not a BeFS partition: exiting 2024-12-27T16:22:23.071664-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/90linux-distro 2024-12-27T16:22:23.112698-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/90solaris 2024-12-27T16:22:23.119945-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/efi 2024-12-27T16:22:23.143811-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/50mounted-tests on /dev/sda4 2024-12-27T16:22:23.529019-05:00 mx1 50mounted-tests: debug: mounted using GRUB ntfs filesystem driver 2024-12-27T16:22:23.533579-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/05efi 2024-12-27T16:22:23.541914-05:00 mx1 05efi: debug: Not on UEFI platform 2024-12-27T16:22:23.546921-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/10freedos 2024-12-27T16:22:23.553790-05:00 mx1 10freedos: debug: /dev/sda4 is not a FAT partition: exiting 2024-12-27T16:22:23.558467-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/10qnx 2024-12-27T16:22:23.565302-05:00 mx1 10qnx: debug: /dev/sda4 is not a QNX4 partition: exiting 2024-12-27T16:22:23.570056-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/20macosx 2024-12-27T16:22:23.576869-05:00 mx1 macosx-prober: debug: /dev/sda4 is not an HFS+ partition: exiting 2024-12-27T16:22:23.581357-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/20microsoft 2024-12-27T16:22:23.588145-05:00 mx1 20microsoft: debug: /dev/sda4 is a NTFS partition 2024-12-27T16:22:23.719608-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/30utility 2024-12-27T16:22:23.726397-05:00 mx1 30utility: debug: /dev/sda4 is not a FAT partition: exiting 2024-12-27T16:22:23.730943-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/40lsb 2024-12-27T16:22:23.738270-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/70hurd 2024-12-27T16:22:23.745699-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/80minix 2024-12-27T16:22:23.752940-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/83haiku 2024-12-27T16:22:23.759650-05:00 mx1 83haiku: debug: /dev/sda4 is not a BeFS partition: exiting 2024-12-27T16:22:23.764100-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/90linux-distro 2024-12-27T16:22:23.799495-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/90solaris 2024-12-27T16:22:23.806827-05:00 mx1 50mounted-tests: debug: running subtest /usr/lib/os-probes/mounted/efi 2024-12-27T16:22:23.843300-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/05efi on mounted /dev/sdb1 2024-12-27T16:22:23.850155-05:00 mx1 05efi: debug: Not on UEFI platform 2024-12-27T16:22:23.854710-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/10freedos on mounted /dev/sdb1 2024-12-27T16:22:23.861642-05:00 mx1 10freedos: debug: /dev/sdb1 is a FAT32 partition 2024-12-27T16:22:23.870015-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/10qnx on mounted /dev/sdb1 2024-12-27T16:22:23.877101-05:00 mx1 10qnx: debug: /dev/sdb1 is not a QNX4 partition: exiting 2024-12-27T16:22:23.881674-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/20macosx on mounted /dev/sdb1 2024-12-27T16:22:23.888416-05:00 mx1 macosx-prober: debug: /dev/sdb1 is not an HFS+ partition: exiting 2024-12-27T16:22:23.892927-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/20microsoft on mounted /dev/sdb1 2024-12-27T16:22:23.899744-05:00 mx1 20microsoft: debug: /dev/sdb1 is a FAT32 partition 2024-12-27T16:22:23.918919-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/30utility on mounted /dev/sdb1 2024-12-27T16:22:23.925724-05:00 mx1 30utility: debug: /dev/sdb1 is a FAT32 partition 2024-12-27T16:22:23.937692-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/40lsb on mounted /dev/sdb1 2024-12-27T16:22:23.944892-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/70hurd on mounted /dev/sdb1 2024-12-27T16:22:23.952016-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/80minix on mounted /dev/sdb1 2024-12-27T16:22:23.958958-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/83haiku on mounted /dev/sdb1 2024-12-27T16:22:23.965698-05:00 mx1 83haiku: debug: /dev/sdb1 is not a BeFS partition: exiting 2024-12-27T16:22:23.970291-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/90linux-distro on mounted /dev/sdb1 2024-12-27T16:22:23.984280-05:00 mx1 os-prober: debug: running /usr/lib/os-probes/mounted/90solaris on mounted /dev/sdb1 demo@mx1:/var/log $ sudo mkdir /mnt/windows demo@mx1:/var/log $ sudo mount -t ntfs-3g /dev/sda3 /mnt/windows demo@mx1:/var/log $ ls /mnt/windows/Users admin-usc 'All Users' Default 'Default User' desktop.ini Public demo@mx1:/var/log $ find /mnt/windows -type f -size +100M -exec ls -lh {} \; | awk '{ print $NF ": " $5 }' /mnt/windows/hiberfil.sys: 3.2G /mnt/windows/pagefile.sys: 1.9G (x86)/Microsoft/Edge/Application/121.0.2277.106/msedge.dll: 261M (x86)/Microsoft/EdgeCore/121.0.2277.106/msedge.dll: 261M (x86)/Microsoft/EdgeWebView/Application/121.0.2277.106/msedge.dll: 261M /mnt/windows/swapfile.sys: 256M Information/{1b9f0ecc-c34d-11ef-b333-5800e3441bf6}{3808876b-c176-4e48-b7ae-04046e6cc752}: 512M /mnt/windows/Windows/System32/Microsoft-Edge-WebView/msedge.dll: 256M /mnt/windows/Windows/System32/MRT.exe: 181M /mnt/windows/Windows/WinSxS/amd64_microsoft-edge-webview_31bf3856ad364e35_10.0.22621.3007_none_72fe7b4806349259/msedge.dll: 256M demo@mx1:/var/log $ find /mnt/windows -type f \( -name "*.mp4" -o -name "*.mkv" -o -name "*.avi" \) -exec ls -lh {} \; | awk '{ print $NF ": " $5 }' Files/WindowsApps/Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe/PeopleAppAssets/Videos/people_fre_motionAsset_p1.mp4: 34K Files/WindowsApps/Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe/PeopleAppAssets/Videos/people_fre_motionAsset_p2.mp4: 24K Files/WindowsApps/Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe/PeopleAppAssets/Videos/people_fre_motionAsset_p3.mp4: 22K /mnt/windows/Windows/ImmersiveControlPanel/SystemSettings/Assets/SDRSampleAccessibility.mkv: 1.8M /mnt/windows/Windows/SystemApps/Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy/media/oobe-intro.mp4: 580K /mnt/windows/Windows/SystemResources/Windows.UI.SettingsAppThreshold/SystemSettings/Assets/EdrCalibration.mkv: 877K /mnt/windows/Windows/SystemResources/Windows.UI.SettingsAppThreshold/SystemSettings/Assets/HDRSample.mkv: 1.7M /mnt/windows/Windows/SystemResources/Windows.UI.SettingsAppThreshold/SystemSettings/Assets/SDRSample.mkv: 1.8M /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.22621.3085_none_fad69a9a12776d02/EdrCalibration.mkv: 877K /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.22621.3085_none_fad69a9a12776d02/HDRSample.mkv: 1.7M /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.22621.3085_none_fad69a9a12776d02/SDRSample.mkv: 1.8M /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.22621.3085_none_fad69a9a12776d02/SDRSampleAccessibility.mkv: 1.8M /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-c..st.appxmain.desktop_31bf3856ad364e35_10.0.22621.2280_none_691866de3f73014d/oobe-intro.mp4: 580K /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-c..st.appxmain.desktop_31bf3856ad364e35_10.0.22621.2506_none_68ef6c1a3f93242e/oobe-intro.mp4: 580K /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.22621.2792_none_fa8c2de212aeffe6/EdrCalibration.mkv: 877K /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.22621.2792_none_fa8c2de212aeffe6/HDRSample.mkv: 1.7M /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.22621.2792_none_fa8c2de212aeffe6/SDRSample.mkv: 1.8M /mnt/windows/Windows/WinSxS/amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.22621.2792_none_fa8c2de212aeffe6/SDRSampleAccessibility.mkv: 1.8M $ cd /mnt/windows/Windows/System32/config/ demo@mx1:/mnt/windows/Windows/System32/config $ sudo apt install chntpw -y [sudo] password for demo: Reading package lists... Done Building dependency tree... Done Reading state information... Done The following NEW packages will be installed: chntpw 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 99.6 kB of archives. After this operation, 498 kB of additional disk space will be used. Get:1 http://deb.debian.org/debian bookworm/main amd64 chntpw amd64 140201-1 [99.6 kB] Fetched 99.6 kB in 0s (435 kB/s) Selecting previously unselected package chntpw. (Reading database ... 359602 files and directories currently installed.) Preparing to unpack .../chntpw_140201-1_amd64.deb ... Unpacking chntpw (140201-1) ... Setting up chntpw (140201-1) ... Processing triggers for man-db (2.11.2-2) ... demo@mx1:/mnt/windows/Windows/System32/config $ cd /mnt/windows/Windows/System32/config demo@mx1:/mnt/windows/Windows/System32/config $ sudo chntpw -l SAM chntpw version 1.00 140201, (c) Petter N Hagen Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM> ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c <lh> File size 65536 [10000] bytes, containing 7 pages (+ 1 headerpage) Used for data: 318/32576 blocks/bytes, unused: 25/16352 blocks/bytes. | RID -|---------- Username ------------| Admin? |- Lock? --| | 03e9 | admin-usc | ADMIN | | | 01f4 | Administrator | ADMIN | dis/lock | | 01f7 | DefaultAccount | | dis/lock | | 01f5 | Gast | | dis/lock | | 01f8 | WDAGUtilityAccount | | dis/lock | demo@mx1:/mnt/windows/Windows/System32/config $ sudo chntpw -u Administrator SAM chntpw version 1.00 140201, (c) Petter N Hagen Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM> ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c <lh> File size 65536 [10000] bytes, containing 7 pages (+ 1 headerpage) Used for data: 318/32576 blocks/bytes, unused: 25/16352 blocks/bytes. ================= USER EDIT ==================== RID : 0500 [01f4] Username: Administrator fullname: comment : Vordefiniertes Konto f�r die Verwaltung des Computers bzw. der Dom�ne homedir : 00000220 = Administratoren (which has 2 members) Account bits: 0x0211 = [X] Disabled | [ ] Homedir req. | [ ] Passwd not req. | [ ] Temp. duplicate | [X] Normal account | [ ] NMS account | [ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act | [X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) | [ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) | Failed login count: 0, while max tries is: 10 Total login count: 0 - - - - User Edit Menu: 1 - Clear (blank) user password 2 - Unlock and enable user account [probably locked now] 3 - Promote user (make user an administrator) 4 - Add user to a group 5 - Remove user from a group q - Quit editing user, back to user select Select: [q] > 1 Password cleared! ================= USER EDIT ==================== RID : 0500 [01f4] Username: Administrator fullname: comment : Vordefiniertes Konto f�r die Verwaltung des Computers bzw. der Dom�ne homedir : 00000220 = Administratoren (which has 2 members) Account bits: 0x0211 = [X] Disabled | [ ] Homedir req. | [ ] Passwd not req. | [ ] Temp. duplicate | [X] Normal account | [ ] NMS account | [ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act | [X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) | [ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) | Failed login count: 0, while max tries is: 10 Total login count: 0 ** No NT MD4 hash found. This user probably has a BLANK password! ** No LANMAN hash found either. Try login with no password! - - - - User Edit Menu: 1 - Clear (blank) user password 2 - Unlock and enable user account [probably locked now] 3 - Promote user (make user an administrator) 4 - Add user to a group 5 - Remove user from a group q - Quit editing user, back to user select Select: [q] > q Hives that have changed: # Name 0 <SAM> Write hive files? (y/n) [n] : y 0 <SAM> - OK demo@mx1:/mnt/windows/Windows/System32/config $ sudo chntpw -u admin-usc SAM chntpw version 1.00 140201, (c) Petter N Hagen Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM> ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c <lh> File size 65536 [10000] bytes, containing 7 pages (+ 1 headerpage) Used for data: 318/32576 blocks/bytes, unused: 25/16352 blocks/bytes. ================= USER EDIT ==================== RID : 1001 [03e9] Username: admin-usc fullname: comment : homedir : 00000220 = Administratoren (which has 2 members) Account bits: 0x0214 = [ ] Disabled | [ ] Homedir req. | [X] Passwd not req. | [ ] Temp. duplicate | [X] Normal account | [ ] NMS account | [ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act | [X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) | [ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) | Failed login count: 1, while max tries is: 10 Total login count: 4 - - - - User Edit Menu: 1 - Clear (blank) user password (2 - Unlock and enable user account) [seems unlocked already] 3 - Promote user (make user an administrator) 4 - Add user to a group 5 - Remove user from a group q - Quit editing user, back to user select Select: [q] > 1 Password cleared! ================= USER EDIT ==================== RID : 1001 [03e9] Username: admin-usc fullname: comment : homedir : 00000220 = Administratoren (which has 2 members) Account bits: 0x0214 = [ ] Disabled | [ ] Homedir req. | [X] Passwd not req. | [ ] Temp. duplicate | [X] Normal account | [ ] NMS account | [ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act | [X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) | [ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) | Failed login count: 1, while max tries is: 10 Total login count: 4 ** No NT MD4 hash found. This user probably has a BLANK password! ** No LANMAN hash found either. Try login with no password! - - - - User Edit Menu: 1 - Clear (blank) user password (2 - Unlock and enable user account) [seems unlocked already] 3 - Promote user (make user an administrator) 4 - Add user to a group 5 - Remove user from a group q - Quit editing user, back to user select Select: [q] > q Hives that have changed: # Name 0 <SAM> Write hive files? (y/n) [n] : y 0 <SAM> - OK demo@mx1:/mnt/windows/Windows/System32/config BOOM! :D
Paste Settings
Paste Title :
[Optional]
Paste Folder :
[Optional]
Select
Syntax Highlighting :
[Optional]
Select
Markup
CSS
JavaScript
Bash
C
C#
C++
Java
JSON
Lua
Plaintext
C-like
ABAP
ActionScript
Ada
Apache Configuration
APL
AppleScript
Arduino
ARFF
AsciiDoc
6502 Assembly
ASP.NET (C#)
AutoHotKey
AutoIt
Basic
Batch
Bison
Brainfuck
Bro
CoffeeScript
Clojure
Crystal
Content-Security-Policy
CSS Extras
D
Dart
Diff
Django/Jinja2
Docker
Eiffel
Elixir
Elm
ERB
Erlang
F#
Flow
Fortran
GEDCOM
Gherkin
Git
GLSL
GameMaker Language
Go
GraphQL
Groovy
Haml
Handlebars
Haskell
Haxe
HTTP
HTTP Public-Key-Pins
HTTP Strict-Transport-Security
IchigoJam
Icon
Inform 7
INI
IO
J
Jolie
Julia
Keyman
Kotlin
LaTeX
Less
Liquid
Lisp
LiveScript
LOLCODE
Makefile
Markdown
Markup templating
MATLAB
MEL
Mizar
Monkey
N4JS
NASM
nginx
Nim
Nix
NSIS
Objective-C
OCaml
OpenCL
Oz
PARI/GP
Parser
Pascal
Perl
PHP
PHP Extras
PL/SQL
PowerShell
Processing
Prolog
.properties
Protocol Buffers
Pug
Puppet
Pure
Python
Q (kdb+ database)
Qore
R
React JSX
React TSX
Ren'py
Reason
reST (reStructuredText)
Rip
Roboconf
Ruby
Rust
SAS
Sass (Sass)
Sass (Scss)
Scala
Scheme
Smalltalk
Smarty
SQL
Soy (Closure Template)
Stylus
Swift
TAP
Tcl
Textile
Template Toolkit 2
Twig
TypeScript
VB.Net
Velocity
Verilog
VHDL
vim
Visual Basic
WebAssembly
Wiki markup
Xeora
Xojo (REALbasic)
XQuery
YAML
HTML
Paste Expiration :
[Optional]
Never
Self Destroy
10 Minutes
1 Hour
1 Day
1 Week
2 Weeks
1 Month
6 Months
1 Year
Paste Status :
[Optional]
Public
Unlisted
Private (members only)
Password :
[Optional]
Description:
[Optional]
Tags:
[Optional]
Encrypt Paste
(
?
)
Create New Paste
You are currently not logged in, this means you can not edit or delete anything you paste.
Sign Up
or
Login
Site Languages
×
Deutsch
English
Do you like cookies?
🍪 We use cookies to ensure you get the best experience on our website.
Learn more
I agree