Patch: Chris_Macaulay.patch
diff --unified --recursive --new-file --exclude=changeIP --exclude=sl --exclude=start --exclude=live chntpw-source-040818/chntpw.c chntpwdmod/chntpw.c
--- chntpw-source-040818/chntpw.c 2004-08-19 04:42:01.000000000 +0800
+++ chntpwdmod/chntpw.c 2006-03-10 08:00:43.000000000 +0800
@@ -85,6 +85,10 @@
int dirty = 0;
int max_sam_lock = 0;
+
+FILE *scriptfile = NULL;
+FILE *exportfile = NULL;
+
/*
* of user with RID 500, because silly MS decided
* to localize the bloody admin-username!! AAAGHH!
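Review bot: `FILE *scriptfile = NULL;` and `FILE *exportfile = NULL;` are added with external linkage although nothing in this patch touches them outside chntpw.c (ntreg.c goes through `addexportfile()` rather than reading `exportfile` itself), so they should be `static FILE *scriptfile = NULL;` and `static FILE *exportfile = NULL;`. A one-line comment on what each handle is for would also help, since the usage text only hints at it: `/* -f: editor commands are read from here instead of stdin; -x: names/values shown by the editor are appended here */`.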
@@ -511,7 +515,7 @@
printf("** LANMAN password IS however set. Will now install new password as NT pass instead.\n");
printf("** NOTE: Continue at own risk!\n");
ntpw_offs = lmpw_offs;
- (unsigned int)*(vp+0xa8) = ntpw_offs - 0xcc;
+ *(vp+0xa8) = (unsigned int)(ntpw_offs - 0xcc);
ntpw_len = 16;
lmpw_len = 0;
}
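Review bot: `*(vp+0xa8) = (unsigned int)(ntpw_offs - 0xcc);` still stores a single byte: if `vp` points at bytes, as the `(unsigned char)` stores of `despw[i]` later in this function suggest, the cast converts the value and the assignment then truncates it to the width of `*vp`, so only the low byte of the offset reaches the V buffer and the result is right only while the three bytes after 0xa8 already hold zero. If that field is a 32-bit offset, write it whole: `unsigned int off = ntpw_offs - 0xcc; memcpy(vp+0xa8, &off, sizeof off);`. Dropping the old cast-as-lvalue form is otherwise a fine cleanup. The enclosing function begins and ends outside this hunk.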
@@ -621,14 +625,14 @@
ntpw_len = 16;
lmpw_len = 16;
ntpw_offs -= 4;
- (unsigned int)*(vp+0xa8) = ntpw_offs - 0xcc;
+ *(vp+0xa8) = (unsigned int)(ntpw_offs - 0xcc);
*(vp + 0xa0) = 16;
*(vp + 0xac) = 16;
}
for (i = 0; i < 16; i++) {
- (unsigned char)*(vp+ntpw_offs+i) = despw[i];
- if (lmpw_len >= 16) (unsigned char)*(vp+lmpw_offs+i) = newlandes[i];
+ *(vp+ntpw_offs+i) = (unsigned char)(despw[i]);
+ if (lmpw_len >= 16) *(vp+lmpw_offs+i) = (unsigned char)(newlandes[i]);
}
} else {
printf("Unable to set since it is blank.\n");
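Review bot: The same one-byte store of an offset field appears at `*(vp+0xa8) = (unsigned int)(ntpw_offs - 0xcc);` in this hunk: the cast is applied before the assignment, so only the low byte survives if `vp` points at bytes, which the `(unsigned char)(despw[i])` stores a few lines below indicate. Use a full-width write, `unsigned int off = ntpw_offs - 0xcc; memcpy(vp+0xa8, &off, sizeof off);`, and note that the context lines `*(vp + 0xa0) = 16;` and `*(vp + 0xac) = 16;` rest on the same assumption about the surrounding bytes. The enclosing function continues on both sides of the hunk.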
@@ -700,9 +704,11 @@
if (type == REG_SZ) break;
}
puts(string);
+ if (exportfile) addexportfile(string);
break;
case REG_DWORD:
printf("0x%08x",*(unsigned short *)data);
+ if (exportfile) addexportfile(data);
break;
default:
printf("Don't know how to handle type yet!\n");
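Review bot: `if (exportfile) addexportfile(data);` in the REG_DWORD case hands the raw value bytes to a `%s` format: `data` is the binary DWORD, not a NUL-terminated string, so `addexportfile()` keeps reading past the four bytes into whatever follows in the hive buffer and writes that to the export file. Export the same text the line above prints instead: `char tmp[16]; snprintf(tmp, sizeof tmp, "0x%08x", *(unsigned short *)data); if (exportfile) addexportfile(tmp);`. The `switch` and its enclosing function start before and end after this hunk.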
@@ -778,19 +784,64 @@
void edit_val(struct hive *h, int nkofs, char *path)
{
struct keyval *kv, *newkv;
+ struct nk_key *key;
int type,len,n,i,in,go, newsize, d = 0, done, insert = 0;
char inbuf[SZ_MAX+4];
char origstring[SZ_MAX+4];
char *newstring;
char *dbuf;
+ int vofs;
type = get_val_type(h, nkofs, path);
if (type == -1) {
printf("Value <%s> not found!\n",path);
return;
}
+
+ if (type == 0) {
+ printf("Value <%s> type 0!\n",path);
+
+ vofs = trav_path(h, nkofs, path, 0);
+
+ if(!vofs) {
+ printf("edit_val(0): Key <%s> not found\n",path);
+ return;
+ }
+ vofs += 4;
+
+ key = (struct nk_key *)(h->buffer + vofs);
+ printf("edit_val of node at offset 0x%0x\n",vofs);
+
+ if (key->id != 0x6b6e) {
+ printf("Error: Not a 'nk' node!\n");
+
+ debugit(h->buffer,h->size);
+
+ }
+ if (scriptfile) {
+ getnextline(inbuf);
+ }
+ else {
+ fmyinput("enter new value - \n-> ", inbuf, 50);
+ }
+
+ if (strlen(inbuf) < 1) {
+ printf("Keeping old name\n");
+ return;
+ }
+ if (strlen(inbuf) > key->len_name) {
+ printf("Limitation - new string must not be longer than old string\n");
+ return;
+ }
+
+ strncpy(key->keyname,inbuf,key->len_name);
+ h->state |= HMODE_DIRTY;
+ return;
+
+ }
kv = get_val2buf(h, NULL, nkofs, path, type);
+ printf("get_val2_buf\n");
if (!kv) {
printf("Unable to get data of value <%s>\n",path);
return;
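Review bot: The `if (key->id != 0x6b6e)` check in the new type-0 branch only prints an error and dumps the buffer, then falls through and overwrites `key->keyname` anyway; it needs a `return;` after `debugit(h->buffer,h->size);`. The rename is also incomplete: when the new name is shorter, `strncpy(key->keyname,inbuf,key->len_name)` zero-pads the slot but `key->len_name` keeps the old length, so the hive ends up with a name containing embedded NULs — either set `key->len_name = strlen(inbuf);` after the copy or require the lengths to match. The script path reads the name with the unbounded `getnextline(inbuf)` while the interactive path caps it at 50, and `printf("get_val2_buf\n");` reads like leftover debug output. edit_val continues past the end of this hunk.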
@@ -804,8 +855,13 @@
switch(type) {
case REG_DWORD:
printf("DWORD: Old value %d [0x%x], ", kv->data, kv->data);
- fmyinput("enter new value (prepend 0x if hex, empty to keep old value)\n-> ",
+ if (scriptfile) {
+ getnextline(inbuf);
+ }
+ else {
+ fmyinput("enter new value (prepend 0x if hex, empty to keep old value)\n-> ",
inbuf, 12);
+ }
if (*inbuf) {
sscanf(inbuf,"%i",&kv->data);
d = 1;
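Review bot: `getnextline(inbuf);` in the REG_DWORD branch ignores the return value, so when the script runs out at this prompt the file is closed, `inbuf` is empty, and the edit silently becomes "keep old value" with nothing telling the operator the script ended mid-command. Check it, e.g. `if (getnextline(inbuf) == 2) printf("Script ended, keeping old value\n");`, or abort the edit there. edit_val begins and ends outside this hunk.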
@@ -842,7 +898,14 @@
printf("[%2d]: %s\n",n, insert == 1 ? "[INSERT]" : ((i < (len>>1)-1 ) ? origstring+i : "[NEW]"));
if (insert) insert++;
- if (!go) fmyinput("-> ",inbuf, 500);
+ if (!go) {
+ if (scriptfile) {
+ getnextline(inbuf);
+ }
+ else {
+ fmyinput("-> ",inbuf, 500);
+ }
+ }
else *inbuf = 0;
if (*inbuf && strcmp("--q", inbuf)) {
if (!strcmp("--n", inbuf) || !strcmp("--Q", inbuf)) { /* Zap rest */
@@ -946,6 +1009,38 @@
return(0);
}
+/* Get next line from script file
+ *
+ */
+int getnextline(char *inbuf)
+{
+ int l;
+ char arg;
+ for (l=0;99>l;l++)
+ inbuf[l] = '\0';
+
+ l = 0;
+ while ((arg = fgetc(scriptfile)) != EOF) {
+ if (arg == '\n') break;
+ inbuf[l] = arg;
+ l++;
+ }
+ printf("!!!%s!!!\n",inbuf);
+ if (arg == EOF) {
+ fclose(scriptfile);
+ scriptfile = NULL;
+ return 2;
+ }
+ return 1;
+}
+
+void addexportfile(char *name)
+{
+ if (exportfile) {
+ fprintf(exportfile,"%s\n",name);
+ }
+}
+
/* Simple interactive command-parser
* Main loop for manually looking through the registry
*/
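Review bot: `getnextline()` copies the script line into `inbuf` with no bound — it clears 99 bytes and then appends until '\n' or EOF — so an over-long line in the -f file overruns the caller's buffer (mainloop reads its `inbuf` with a 90-byte limit elsewhere, edit_val's is `SZ_MAX+4`), and `char arg` compared against `EOF` is wrong: with an unsigned `char` the loop never ends at end of file, with a signed one a 0xFF byte terminates the script early. The `printf("!!!%s!!!\n",inbuf);` echo looks like leftover debugging. The sketch below takes the buffer size, lets `fgets()` do the reading so the EOF compare disappears, and returns a final line that lacks a trailing newline as a normal line (the current code returns 2 for it and mainloop then discards it); callers would pass `sizeof inbuf` and the prototype in ntreg.h changes to match.
```c
/* Read the next line of the -f script into inbuf (at most max-1 bytes, '\n' stripped).
 * Returns 1 when a line was read, 2 when the script is exhausted: the file is then
 * closed, scriptfile is NULL and inbuf is empty. A last line without '\n' is returned
 * as a normal line; a line longer than max-1 bytes is delivered in pieces.
 */
int getnextline(char *inbuf, size_t max)
{
  size_t l;

  if (!scriptfile || !fgets(inbuf, (int)max, scriptfile)) {
    if (scriptfile) { fclose(scriptfile); scriptfile = NULL; }
    inbuf[0] = '\0';
    return 2;
  }
  l = strlen(inbuf);
  if (l && inbuf[l-1] == '\n') inbuf[l-1] = '\0';
  return 1;
}

/* … unchanged: addexportfile … */
```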
@@ -960,6 +1055,7 @@
int l, vkofs, nh;
int usehive = 0;
struct keyval *kv;
+ int script = 0;
#if ALLOC_DEBUG
int pagestart;
@@ -984,7 +1080,17 @@
printf("find_free_blk: 0x%x\n",freetest);
#endif
printf("\n[%0x] %s> ",cdofs,path);
+
+ if (scriptfile) {
+ script = getnextline(inbuf);
+ l = strlen(inbuf);
+ }
+
+ if (script == 0) {
l = fmyinput("",inbuf,90);
+ }
+ if (script == 2) return;
+
bp = inbuf;
skipspace(&bp);
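Review bot: `if (script == 2) return;` discards whatever `getnextline()` placed in `inbuf` before it hit EOF, so a script whose final command has no trailing newline silently loses that command (the current getnextline returns 2 for a partial last line). The fix belongs in getnextline — return 1 whenever at least one character was read and 2 only on an empty EOF — so this check can stay as it is; testing `*inbuf` here instead would re-run the stale command on the next pass, because nothing refreshes `inbuf` once `scriptfile` is NULL. A short comment would save the next reader a trace: `/* script==2: the -f file is exhausted (scriptfile already closed), leave the editor */`. mainloop begins before this hunk and ends after it.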
@@ -1070,6 +1176,7 @@
case MCMD_EDIT :
bp++;
skipspace(&bp);
+ printf("pre edit_val\n");
edit_val(hdesc, cdofs+4, bp);
break;
case MCMD_HIVE :
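Review bot: `printf("pre edit_val\n");` is debugging output left in the command dispatcher; it is printed for every edit command and tells the user nothing. Drop it, or at least gate it on the existing verbose flag: `if (gverbose) printf("pre edit_val\n");`. The `switch` and mainloop extend beyond this hunk.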
@@ -1529,9 +1636,11 @@
" -l list all users in SAM file\n"
" -i Interactive. List users (as -l) then ask for username to change\n"
" -e Registry editor. Now with full write support!\n"
+ " -f <file> Registry editor from script file.\n"
+ " -x <file> Export Harddrive info.\n"
" -d Enter buffer debugger instead (hex editor), \n"
- " -t Trace. Show hexdump of structs/segments. (deprecated debug function)\n"
- " -v Be a little more verbose (for debuging)\n"
+ " -t Trace. Show hexdump of structs/segments. (deprecated debug function)\n"
+ " -v Be a little more verbose (for debuging)\n"
" -L Write names of changed files to /tmp/changed\n"
" -N No allocation mode. Only (old style) same length overwrites possible\n"
"See readme file on how to extract/read/write the NT's SAM file\n"
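Review bot: The new usage lines undersell what the options do: `-f <file>` also makes the program answer the `Write hive files?` prompt with yes on its own (see the change near the end of main), and `-x <file> Export Harddrive info.` does not say what is exported, which from the rest of the patch appears to be the key and value names the editor lists plus REG_SZ values. Suggested text: `" -f <file> Registry editor, reading commands from <file>; changed hives are written without asking\n"` and `" -x <file> Write the key/value names and string values shown by the editor to <file>\n"`. The `-t` and `-v` lines are re-emitted unchanged apart from whitespace and only add noise to the diff.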
@@ -1552,8 +1661,10 @@
char *who = "Administrator";
char iwho[100];
FILE *ch; /* Write out names of touched files to this */
+ char *scriptf,*exportf;
+ int script = 0,x = 0;
- char *options = "LNidehltvu:";
+ char *options = "LNidehltvf:u:x:";
printf("%s\n",chntpw_version);
while((c=getopt(argc,argv,options)) > 0) {
@@ -1567,6 +1678,8 @@
case 'v': gverbose = 1; break;
case 'i': list = 1; who = 0; inter = 1; break;
case 'u': who = optarg; list = 1; break;
+ case 'f': scriptf = optarg;script = 1;break;
+ case 'x': exportf = optarg;x = 1;script = 1;break;
case 'h': usage(); exit(0); break;
default: usage(); exit(1); break;
}
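Review bot: `case 'x'` sets `script = 1` without giving `scriptf` a value, and `scriptf` is declared without an initializer (`char *scriptf,*exportf;` in the previous hunk), so `chntpw -x out.txt <hive>` with no `-f` later reaches `fopen(scriptf, "r")` in main with an uninitialized pointer. Initialize both, `char *scriptf = NULL, *exportf = NULL;`, and open the script only when one was named, `if (scriptf) {`, keeping `script` for the mainloop decision if -x genuinely needs the editor loop to produce its export. The option `switch` continues outside this hunk.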
@@ -1575,6 +1688,22 @@
if (!filename || !*filename) {
usage(); exit(1);
}
+ if (x) {
+ if (!(exportfile=fopen (exportf, "w"))) {
+ printf ("Can't findr: %s",exportf);
+ exit(0);
+ }
+ }
+ if (script) {
+ if (!(scriptfile=fopen (scriptf, "r"))) {
+
+ exit(0);
+ }
+ else {
+ printf ("Script File %s found\n",scriptf);
+ }
+ }
+
do {
if (!(hive[no_hives] = openHive(filename,
HMODE_RW|noalloc|(list == 2 ? HMODE_VERBOSE : 0)))) {
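Review bot: Both new `fopen()` failure paths `exit(0)`, i.e. report success to the caller, and the script-file branch exits with no message at all while the export branch prints `Can't findr: %s` without a newline. Since `-f` exists so chntpw can be driven non-interactively, a wrapper needs a non-zero status and a reason on stderr; the lines below do that (`perror()` would serve equally if the errno text is wanted). The export file is also created before the script is opened, so a bad `-f` path leaves an empty export file behind; opening the script first avoids that. main continues on both sides of this hunk.
```c
  if (script) {
    if (!(scriptfile = fopen(scriptf, "r"))) {
      fprintf(stderr, "Can't open script file %s\n", scriptf);
      exit(1);
    }
    printf("Script File %s found\n", scriptf);
  }
  if (x) {
    if (!(exportfile = fopen(exportf, "w"))) {
      fprintf(stderr, "Can't open export file %s\n", exportf);
      exit(1);
    }
  }
```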
@@ -1598,7 +1727,7 @@
if (list && !edit && !inter) {
if ( list_users(1) ) edit = 1;
}
- if (edit) mainloop();
+ if (edit || script) mainloop();
else if (who) { handle_syskey(); find_n_change(who); }
if (inter) interactive();
@@ -1614,7 +1743,10 @@
if (d) {
/* Only prompt user if logging of changed files has not been set */
/* Thus we assume confirmations are done externally if they ask for a list of changes */
- if (!logchange) fmyinput("Write hive files? (y/n) [n] : ",iwho,3);
+ if (!logchange) {
+ if (script) {iwho[0] = 'y';}
+ else {fmyinput("Write hive files? (y/n) [n] : ",iwho,3);}
+ }
if (*iwho == 'y' || logchange) {
if (logchange) {
ch = fopen("/tmp/changed","w");
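Review bot: In script mode `iwho[0] = 'y'` answers the `Write hive files?` prompt unconditionally, so a script that failed part-way — an unknown command, a value not found, a line lost at EOF — still commits whatever edits did apply, and nothing from mainloop() reports whether the script ran to completion. Have mainloop return a status (or set a file-scope `script_ok` flag) and write only when the script completed, e.g. `if (script) iwho[0] = script_ok ? 'y' : 'n';`; and since the comment above explains why -L skips confirmation, extend it with `/* -f: scripts are non-interactive, so the answer is yes */`. main continues past this hunk.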
diff --unified --recursive --new-file --exclude=changeIP --exclude=sl --exclude=start --exclude=live chntpw-source-040818/ntreg.c chntpwdmod/ntreg.c
--- chntpw-source-040818/ntreg.c 2004-08-19 04:42:02.000000000 +0800
+++ chntpwdmod/ntreg.c 2006-03-14 08:13:09.000000000 +0800
@@ -1390,6 +1390,19 @@
}
+ printf("%d\n",key->id);
+ printf("%d\n",key->type);
+ printf("0x%0x\n",key->ofs_parent);
+ printf("%d\n",key->no_subkeys);
+ printf("0x%0x\n",key->ofs_lf);
+ printf("%d\n",key->no_values);
+ printf("0x%0x\n",key->ofs_vallist);
+ printf("0x%0x\n",key->ofs_sk);
+ printf("%d\n",key->ofs_classnam);
+ printf("%d\n",key->len_name);
+ printf("%d\n",key->len_classnam);
+ printf("%s\n",key->keyname);
+
printf("Node has %ld subkeys and %ld values",key->no_subkeys,key->no_values);
if (key->len_classnam) printf(", and class-data of %d bytes",key->len_classnam);
printf("\n");
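Review bot: `printf("%s\n",key->keyname);` treats the key name as a C string, but elsewhere in this patch the name is handled as a length-counted field (`key->len_name` bounds the copy in edit_val), so `%s` is likely to read past the name into the rest of the hive cell and print it; `printf("%.*s\n", key->len_name, key->keyname);` bounds it. The twelve unlabeled field dumps above it look like debugging output — if they are meant to stay, label them and gate them on the hive's verbose mode instead of printing on every node listing. The enclosing function starts before this hunk.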
@@ -1397,6 +1410,7 @@
if (key->no_subkeys) {
printf("offs key name\n");
while ((ex_next_n(hdesc, nkofs, &count, &countri, &ex) > 0)) {
+ addexportfile(ex.name);
printf("[%6x] %c <%s>\n", ex.nkoffs, (ex.nk->len_classnam)?'*':' ',ex.name);
FREE(ex.name);
}
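Review bot: `addexportfile(ex.name);` makes ntreg.c, the registry library, call a function that lives in chntpw.c and reads that program's `exportfile` global, so any other program linking ntreg.c (the README credits other users of the library) no longer links; ntreg.h likewise now declares chntpw.c's `getnextline`/`addexportfile` next to the library API. Keep the dependency pointing the other way: give ntreg.c a hook the program can set, `void (*ntreg_name_hook)(const char *) = NULL;`, call it here as `if (ntreg_name_hook) ntreg_name_hook(ex.name);`, and have chntpw.c install `addexportfile` in main when -x is given. The function enclosing this loop begins before the hunk.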
@@ -2514,7 +2528,7 @@
ALLOC(kr,1,sizeof(int)+sizeof(int));
kr->len = sizeof(int);
- (int)kr->data = dword;
+ kr->data = (int)dword;
r = put_buf2val(hdesc, kr, vofs, path, REG_DWORD);
diff --unified --recursive --new-file --exclude=changeIP --exclude=sl --exclude=start --exclude=live chntpw-source-040818/ntreg.h chntpwdmod/ntreg.h
--- chntpw-source-040818/ntreg.h 2004-08-19 04:42:02.000000000 +0800
+++ chntpwdmod/ntreg.h 2006-03-08 08:55:43.000000000 +0800
@@ -365,3 +365,6 @@
int del_key(struct hive *hdesc, int nkofs, char *name);
void rdel_keys(struct hive *hdesc, char *path, int nkofs);
struct keyval *get_class(struct hive *hdesc, int curnk, char *path);
+
+int getnextline(char *inbuf);
+void addexportfile(char *name);
diff --unified --recursive --new-file --exclude=changeIP --exclude=sl --exclude=start --exclude=live chntpw-source-040818/README_Chris_Macaulay.txt chntpwdmod/README_Chris_Macaulay.txt
--- chntpw-source-040818/README_Chris_Macaulay.txt 1970-01-01 08:00:00.000000000 +0800
+++ chntpwdmod/README_Chris_Macaulay.txt 2006-06-27 16:54:05.000000000 +0800
@@ -0,0 +1,67 @@
+The chntpw agreement is ... (sorry, its a bit long)
+The Offline NT Password & Registry Editor
+
+Copyright information & credits for:
+chntpw binary
+chntpw source
+urce (registry edit library)
+is Copyright (c) 1997-2004 Petter Nordahl-Hagen, pnordahl@eunet.no
+
+Rules (someone calls it license):
+The chntpw binary & source can be both changed and distributed
+by anyone in any way they like if:
+e makes money on it (commercial sales is a big NONO)
+except: a) Charging for media/packaging/printed docs/support/shipping
+is allowed.
+b) Inclusion in typical linux, *bsd or similar OS
+tions (also commercial)
+is allowed as long as use of chntpw & ntreg is
+not the distributions primary purpose. Anyway it's
+nice if I get notified any such inclusion.
+ource must be available (at least as an option)
+3) The changed program also follows these rules.
+4) As long as code written by me is included, it must give me credit,
+at least in the source code and docs.
+
+If you ask I will very likely allow other types of distribution.
+(have already had questions of it as a bonus on eBay auctions.
+ ask, and you will likely get permission)
+I'm just a kind of control freak, so I want to know what's going on.
+
+
+
+This program is still considered a huge HACK so please note::
+
+* THIS SOFTWARE IS PROVIDED BY PETTER NORDAHL-HAGEN `AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+
+ric Young, I borrowed your disclaimer, too..)
+
+---------------------------------------------------------------------------------
+
+This software uses some routines & links with routines
+by the following people/organizations:
+
+* As of 2001, it now uses OpenSSL for MD4 & DES.
+* Thanks to Denis Ducamp for patches to make it work with OpenSSL.
+*
+* Part of some routines, information and ideas taken from
+* pwdump by Jeremy Allison.
+*
+* Some stuff from NTCrack by Jonathan Wilkins.
+
+--------------------------------------------------------------------------------
+
+
+It would be nice to be credited to have modified it, other than that, just follow that license.
+
+Chris