Command: ntfs
NTFS is a collection of tools to change the password of a NT user
and to access NTFS files.
chntpw: Lets you change password of a user in a NT SAM file.
You may experiment severe problems with Win2K
ntcat: Dumps the contents of an NTFS file to stdout
ntcp: Read a file on a NTFS drive
ntchange: Change a file on a NTFS drive
ntdir: dir
ntdump: Prints low-level structures of an NTFS
ntgrep:
ntmkdir: Creates a new directory
samdump: Change password of a user in a NT SAM file
Syntax:
chntpw [OPTIONS] <samfile>
ntcat [OPTIONS] [directory/]filename
ntchange [OPTIONS]
ntcp [-V|h] <src> <dst>
ntdir [OPTIONS] path
ntdump [OPTIONS]
ntgrep [OPTIONS] string
ntmkdir [OPTIONS] path
samdump <samfile>
Options:
all: --help, -h Display this help message
chntpw:
-u <user> Username to change, Administrator is default
-l (Try to) list all users in SAM file
-i Interactive. List users (as -l) then ask for
username to change
-e Registry editor (currently read-only)
-d Enter buffer debugger instead (hex editor)
-t Trace. Show hexdump of structs/segments.
(debug function)
See readme file on how to extract/read/write the NT's SAM file if
it's on a NTFS partition. NOTE: This program is somewhat hackish!
You are on your own!
ntcat:
--offset -o offset Use offset
--size, -s size Only first size bytes
--bias, -B bias Use partition bias
--buflen, -b buflen Read with buffer size buflen
--8859-1, -1 Use charset ISO-8859-1 (default is UTF-8)
--version, -V Display version
ntchange:
-o offset Offset in file
-a start size Allocate cluster range
-d start size Deallocate cluster range
-W inum Read and write inode inum
-t newsize Truncate inode to newsize
-i inum Operate on inode inum
-A anum Operate on attribute anum (80)
-L string Make inode a symlink with value string
-n name Create file name in dir inum
-V Print version
ntcp: Files on the NTFS volume are accessed as
//<device>/<path>
ntdir:
--dos, -d Display only short names
--nt, -n Display only long names (default)
--posix, -p Display all but hidden files
--long, -l Display all files
--unsorted, -U Do not sort names alphabetically
--8859-1, -1 Display names using ISO-8859-1 (default is
UTF-8)
ntdump:
--filesystem, -f device Use device
--raw, -r Access the raw device
--offset, -o n Start at offset o
--cluster, -c n Start at cluster n
--mft, -M Display as master file table record
--inode, -i n Display inode n
--dir, -d Display as directory
--info -I Display file system information
--decompress, -D n Decompress run n
--bias -B n Add partition bias n [bytes]
--attribute-type, -A n Dump type n
--attribute-name, -N str Dump attribute named str
--verbose, -v Decompress verbose
--linode, -n Show internal inode representation
--version, -V Print version number
ntgrep:
--filesystem, -f device Use device as volume
--offset, -o n Start at offset n
--ignorecase, -i Do caseless search
--ascii, -a Search for ASCII string (def. is Unicode)
--nodump, -n Display only location, don't dump context
--continue, -C Continue searching until end of volume
--cluster, -c n Start at cluster n
--blocksize, -b n Dump n bytes around the location
--bytes String is given as hex bytes
ntmkdir:
--filesystem, -f device Use device
--version, -v Display version
samdump:
- none -
Comments:
At https://www.cgsecurity.org/wiki/Chntpw_for_Dos a newer
version of CHNTPW is available (0.98.4).
Examples:
To change NT password,
- Autodetection mode:
1. ntcp ///winnt/system32/config/sam sam
2. chntpw -i sam
3. ntchange sam ///winnt/system32/config/sam
- Manual mode:
1. ntcp //hda2/winnt/system32/config/sam sam
2. chntpw -i sam
3. ntchange sam //hda2/winnt/system32/config/sam
To extract password,
- Autodetection mode:
1. ntcp ///winnt/system32/config/sam sam
2. samdump sam
- Manual mode:
1. ntcp //hda2/winnt/system32/config/sam sam
2. samdump sam
Use the manual mode if your NTFS partition is not detected.
hda2 a=first hard disk (a,b,c,...)
2=partition number 2
See also:
https://www.cgsecurity.org/wiki/Chntpw_for_Dos
Copyright © 2001 Christophe Grenier, help version 2023 W. Spiegl.
This file is derived from the FreeDOS Spec Command HOWTO.
See the file H2Cpying for copying conditions.