So I often have to ‘break’ into VMs when migrating them. I put the word break into quotation marks because I’m doing it for the company…
What I mean by that is someone at the source end forgot to create me an account on the VM or doesn’t know the login. Fun times ahead!
My preferred method is with Kali Linux but there are also methods for the Windows installer and Ubuntu which I will link here once I’ve created them on Medium!
Let's hop in! 🦘
First, attach the Kali Linux live ISO to the VM's CD drive. I'll be using 2021.2-live-amd64, just in case you cared.
In the boot menu for the VM, choose to boot from the CD drive. For example, this is what it looks like with a VMware machine:
When you see the Kali Linux live menu, boot using the Live (Forensic Mode):
Once loaded, open the File Manager, find the Windows boot drive in the left side of the menu and navigate to /Windows/system32/config:
Open a terminal inside that folder by right-clicking in the empty space:
Inside the terminal, type the following command (lowercase L, the list option):
chntpw -l SAM
This will show all the users that Kali Linux has found on the Windows install.
I want to reset the built-in Administrator account, so substitute the account name you need in the command below:
chntpw -u Administrator SAM
- Select option 1 (clear the user password)
- Once complete, press ‘q’ to exit
- Finally, press ‘y’ to save the changes
You can now reboot the server back into Windows and the Administrator password will be blank.
Make sure to set a new password on the Administrator account straight away and to unmount the Kali Linux live ISO from the VM!
You might get an error that the Windows drive is in read-only mode. This happens when Windows left the NTFS volume marked dirty (for example after Fast Startup or an unclean shutdown). To fix it, run lsblk to find the partition holding the Windows install (e.g., sda4), unmount it, run sudo ntfsfix /dev/sda# with that partition number, then mount it again.
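The steps above, gathered into one script as an added example (not code from the original post): it finds the NTFS partition that actually holds the registry hives, handles the read-only case by unmounting, running ntfsfix and remounting, and then runs the same chntpw listing command. It assumes the ntfs-3g tools and chntpw that ship with Kali are installed and that the Windows drive has already been mounted from the file manager; the device names are discovered at run time, not hard-coded. This only works on an unencrypted system volume: a BitLocker-protected disk cannot be edited offline this way, which is the usual reason the procedure fails and also the control you would rely on to prevent it on servers you do not want reset like this.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post. Locate the Windows system
# volume from a Kali live session, clear a stale NTFS dirty flag if the
# volume came up read-only, and list the local accounts with chntpw.
set -eu

# Read `lsblk -rno NAME,FSTYPE,MOUNTPOINT` output on stdin and print the
# /dev path of every NTFS partition, one per line.
ntfs_devices() {
  awk '$2 == "ntfs" { print "/dev/" $1 }'
}

# Given a mount-option string (as printed by `findmnt -no OPTIONS <dev>`),
# return 0 when the volume is mounted read-only. Matching on ",ro," avoids
# false hits on options such as errors=remount-ro.
needs_ntfsfix() {
  case ",$1," in
    *,ro,*) return 0 ;;
    *)      return 1 ;;
  esac
}

# Print the mounted NTFS partition that contains the SAM hive, or fail.
windows_system_volume() {
  local dev mnt
  for dev in $(lsblk -rno NAME,FSTYPE,MOUNTPOINT | ntfs_devices); do
    mnt=$(findmnt -no TARGET "$dev" 2>/dev/null || true)
    [ -n "$mnt" ] || continue
    if [ -f "$mnt/Windows/System32/config/SAM" ]; then
      echo "$dev"
      return 0
    fi
  done
  return 1
}

main() {
  local dev mnt opts
  dev=$(windows_system_volume) || {
    echo "no mounted NTFS volume containing Windows/System32/config/SAM found" >&2
    exit 1
  }
  mnt=$(findmnt -no TARGET "$dev")
  opts=$(findmnt -no OPTIONS "$dev")
  if needs_ntfsfix "$opts"; then
    # ntfsfix refuses to touch a mounted volume, so unmount, fix, remount.
    echo "$dev is mounted read-only at $mnt; clearing the dirty flag" >&2
    sudo umount "$dev"
    sudo ntfsfix "$dev"
    sudo mount -t ntfs-3g "$dev" "$mnt"
  fi
  cd "$mnt/Windows/System32/config"
  chntpw -l SAM   # same listing step as in the post; reset follows manually
}

# Run with:  bash reset-helper.sh --run   (hypothetical file name)
[ "${1:-}" = "--run" ] && main
```

The reset itself (chntpw -u <user> SAM, option 1, q, y) is deliberately left as the manual step from the post, so you see the account list before touching anything.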