AV-School.com - Editing Windows System Registry Using Linux-Tools - Security

About ru | pl

AV-School — New source of IT-knowledge!

Forums

/ For students

/ → Computer Biathlon

All-in-row News Articles

Blogs

Home / Users' blogs / User's blog Marina / Entry comments

Security → Editing Windows System Registry Using Linux-Tools

Rating: +1

04 Aug 10 at 20:18

Today we will discuss the using of console tool chntpw.
I have already written about Ubuntu OS in my previous articles, so I decided use this Linux distributive in my example as one of the most widespread.

So, let’s begin. At first we should run a package manager and enable the additional software repositories. It is enough to select all options on the Software Sources page for it:

After that update the list of available packages:

Then we simply enter the name of the tool in the Quick search box and it has been immediately found:

Next well-known installation procedure to all users of a package manager:

Once the required program has been successfully installed we need to know the ID of the system disk. This identifier is written in the header of the file browser:

It is not necessary to remember the identifier, the first few characters are enough.

Run the terminal and go to the directory containing the registry files. To do this we will write the following:

cd /media/ <ID>/ WINDOWS/system32/config

When typing, remember that command interpreter can substitute the appropriate names of directories and files if you type the first few characters and press Tab button. It is very helpful in case of a long and complex ID.

After you went to the necessary directory load the branch of the system registry in the editing program. To do this we will write in the same terminal:

chntpw -e software

If everything went successfully, you will see approximately the following:

Enter a question mark to get a help information:

Consider the situation when the Trojan inserts its file in the link key of Shell.

In order to move in a certain system registry key you should specify the path as for jump within the directory. To do this type the following:

cd Microsoft\Windows NT\CurrentVersion\Winlogon

It is not necessary to write HKLM\SOFTWARE, because we loaded this branch when executing the tool.

If typing without errors so long path is difficult for you it is possible to use cunning: Live CD Ubuntu is a complete operating system and nothing (except the lack of the Internet) does not prevent you to go to the av-school and just copy the path right from this (or past) article:

Then insert a ready path into the terminal:

Here we are in place:

Look what the parameter Shell contains at this point. To do this use the command cat Shell:

This value should be replaced by Explorer.exe. To do this, use the command ed Shell. In this case, we can see again the Shell contents at the moment and we are offered to write a new value or simply press enter to leave unchanged:

Just write Explorer.exe and press Enter:

Check that everything is correct:

And press q to quit program. And we are asked whether we are going to save the changes:

Press "y" to confirm.

That's all. It may seem not so easy, because it is needed to write so much in a console without making mistakes when entering. Linux also distinguishes between capital and small letters, so you need to enter exactly CurrentVersion, but not currentversion ... Having done it once you will see that is not so difficult and scary. Does anybody want to write a simple graphical interface to the chntpw tool?

Dmytro Krasylnikov
"Design and Test Lab", Ltd. 2010
/specially for www.av-school.com/

Rating:

| More

Entry comments:

No comments on this entry. Back.