⚠️

Legal Disclaimer & Terms of Use

Please read carefully before proceeding

By accessing this educational guide, you acknowledge and agree to the following terms:

This guide has been created with the sole purpose of education and to assist legitimate users in recovering access to their own Windows computers when they have forgotten their login passwords.

The information, tools, and methods described on this page are intended ONLY for use on:

Computer systems that you personally own, or
Systems for which you have received explicit written consent from the legal owner

WebPCDesigns.com and its owner, John Hawkins, explicitly state that:

We do not encourage or condone any illegal activities
We will not provide assistance for unauthorized access to computer systems
We take no responsibility for misuse of this information
We do not support actions that violate ethical or legal standards

This guide should only be used by individuals who:

Have familiarity with Linux terminal commands
Understand how to create bootable USB drives
Accept full responsibility for any consequences of their actions

Any damage, data loss, or legal consequences resulting from the misuse or misunderstanding of this information is entirely the user's responsibility. Use at your own risk.

I confirm that I will ONLY use this information and tools on computer systems that I personally own, or for which I have received explicit written consent from the rightful owner.

I understand and agree that I will NOT use this information for any illegal purposes, unauthorized access, data theft, or any activities that could cause harm or violate the privacy of others.

I have read and fully understand all terms stated in this disclaimer. I accept full responsibility for my actions and acknowledge that WebPCDesigns.com and John Hawkins bear no liability for any misuse of this information.

🔓 Windows Password Recovery Using Kali Linux

November 26, 2025 Security & Recovery Educational Purpose Only

A comprehensive educational guide on recovering access to your Windows PC when you've forgotten your local account password using Kali Linux Live USB and chntpw.

📥 Required Tools

💿

Kali Linux Live ISO

Official Source: Kali.org
Version: Latest Stable Release
Size: ~4.5 GB
Architecture: 64-bit (amd64)

⬇️ Download from Kali.org (Official)

Always download from official sources to ensure file integrity

🔧

Rufus USB Creator

Purpose: Create Bootable USB
Platform: Windows
Size: ~1.9 MB
License: Free & Open Source

⬇️ Download Rufus 4.11

Hosted locally for your convenience

📋 Creating a Bootable USB with Rufus

1. Download Required Files

Download both the Kali Linux ISO from the official website and Rufus from above.

2. Prepare USB Drive

Insert a USB drive with at least 8GB capacity. ⚠️ All data will be erased!

3. Launch Rufus

Double-click rufus-4.11.exe - no installation needed. Allow admin privileges if prompted.

4. Configure Settings

Device: Select your USB drive
Boot selection: Click "SELECT" and choose the Kali ISO
Partition scheme: GPT for UEFI (modern) or MBR for Legacy BIOS (older)
File system: FAT32 (recommended)

5. Write ISO Mode

When prompted, select "Write in ISO Image mode" for Kali Linux Live.

6. Create Bootable USB

Click "START". Process takes 5-15 minutes depending on USB speed.

7. Boot from USB

Restart your computer
Press boot menu key (F12, F2, ESC, or DEL)
Select USB drive from boot menu
Choose "Live system (forensic mode)"

🔓 Password Recovery Process

⚠️ Important: Before You Begin

This works on local Windows accounts only - NOT Microsoft cloud accounts
Boot into Forensic Mode to prevent auto-mounting
BitLocker encrypted drives require the recovery key first
Disable Secure Boot in BIOS for best compatibility

1. Find and Mount Windows Partition

sudo fdisk -l
sudo mkdir /mnt/windows
sudo mount -t ntfs-3g -o rw,remove_hiberfile /dev/sdaX /mnt/windows

Replace /dev/sdaX with your Windows partition (usually sda2 or sda3)

2. Navigate to SAM Database

cd /mnt/windows/Windows/System32/config

3. List User Accounts

sudo chntpw -l SAM

This displays all local user accounts on the system.

4. Reset Password (Interactive Mode)

sudo chntpw -i SAM

Interactive menu navigation:

Press 1 → Edit user data and passwords
Enter the username or RID number
Press 1 again → Clear/blank the password
Press q → Quit the editor
Press y → Save changes to disk

5. Sync and Unmount

sync
cd ~
sudo umount /mnt/windows
sudo reboot

Critical: Always run sync to flush changes to disk before unmounting!

🛠️ Common Issues & Solutions

🚨 "Partition is hibernated" Error

Windows Fast Startup or hibernation locks the filesystem.

sudo mount -t ntfs-3g -o remove_hiberfile /dev/sdaX /mnt/windows

Alternative: Use ntfsfix to remove hibernation

sudo ntfsfix /dev/sdaX
sudo mount /dev/sdaX /mnt/windows

🔒 Read-Only Mount Issue

If changes don't persist after reboot, remount with read-write:

sudo umount /mnt/windows
sudo mount -t ntfs-3g -o rw,remove_hiberfile /dev/sdaX /mnt/windows
# Verify it's read-write
mount | grep /mnt/windows

📁 Can't Find SAM File

You might have mounted the recovery partition instead:

Run sudo fdisk -l and look for the largest NTFS partition
Try: ls -la /mnt/windows/windows/system32/config/ (lowercase)
Unmount and try a different partition

💡 Verify Mount Success

After mounting, confirm Windows files are accessible:

# Check mount status
lsblk
# Verify files exist
ls -la /mnt/windows/Windows/System32/config/

You should see: SAM, SYSTEM, SOFTWARE, etc.

⚠️ Critical Reminders

Local accounts only: This does NOT work on Microsoft accounts (cloud-based)
Clears password: Makes it blank, doesn't reveal the original
BitLocker: Encrypted drives need the recovery key first
Always sync: Run sync after changes before unmounting
Clean unmount: Exit directories with cd ~ before umount
Responsibility: Use only on systems you own or have permission to access

Need Professional Assistance?

If you're uncomfortable with these procedures or need help with PC recovery, our team provides professional technical support services.

Contact WebPC Designs