Trinity Rescue Kit v 0.3 HOWTO
-kernel 2.4.16
-bash shell
-16 MB ramdisk
-network support (most common network cards supported). Use findnic.sh to try
all modules.
-SCSI support (again, most common adapters are supported, not all because of
size limitations)
-DHCP support. If no DHCP server is available, you can always use garp (see
further)
-mount all possible partitions on every disk on your local computer
(mountallfs.sh). Supported file systems: FAT, FAT32, NTFS, ISO9660, Reiserfs and EXT2
-do automatic virus scanning (which first gets you the latest updates if you
have an internet connection over your LAN) (virusscan.sh)
-tools to change NT and Win2k passwords and repair NTFS partitions (chntpw and
ntfsfix)
-Belgian keyboard support (azerty)
-mountallfs.sh mounts all possible partitions on all possible disks.
The mount points are equal to the device special file, so if you have a
filesystem on /dev/hda1, it will create a directory /hda1 and mount it there.
This script will give you numerous error messages, because there is no way to
know beforehand if a filesystem exists on a partition. I haven't been able to
pipe it yet to /dev/null (the mount command must use something else than stderr
or stdout). Also beware that Windows 2000 NTFS partitions (NTFS 5) get mounted
as read-only. See further in this document how to mount them read/write.
Verify what is mounted by typing "mount"
-findnic.sh searches for your network card by trying all modules in
/lib/modules/2.4.16/kernel/drivers/net/ . Once more, this is a very verbose
script.
Type "lsmod" and "ifconfig -a" to verify if your card runs.
With shift+pgup you can see what went over your screen (a nice bash feature).
Next, type "dhcpcd eth0" to get an IP address over your ethernet.
If you don't have a DHCP server, you can use "garp" to assign
yourself a free IP address. You will have to manually configure your default
gateway (e.g. route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.5.254) and DNS
servers in /etc/resolv.conf
-virusscan.sh uses the free Linux antivirus version of F-prot (from Datafellows). It attempts to get the latest updates at ftp.f-prot.com, unpacks them and scans all local disks. Of course, you first need networking support and local filesystems mounted.
3. Changing NT/Win2k passwords
This is quite tricky: you cannot miss any of these steps or you'll end up
with a pooched filesystem!
I'm also not responsible for any damage you may suffer from this procedure.
It has worked for me so far, but I can't give any guarantees. Use it as a last
resort.
-After mounting all partitions with "mountallfs.sh", your NTFS partitions will be mounted read-only. To have it mounted read/write, type "mount -o remount,rw /yourntfsmountpoint".
-You need some free space on another non NTFS partition, because editing on
NTFS is very dangerous and it won't work anyway to make changes to your SAM. You
can create a new ramdisk (default size of 16Mb) by typing "mke2fs
/dev/ram1", make a mount point, for instance /ram, with "mkdir /ram" and
mount it there with "mount /dev/ram1 /ram".
There! A nice ramdisk to copy your files into (you need enough RAM of course)
-Copy your SAM, system and SECURITY files to another filesystem (FAT or ext2). These files are located in WINNT/system32/config/
-Go to the dir you just copied your files to
-Type "chntpw SAM system SECURITY" or just "chntpw" to see a help screen
-Follow instructions
-Copy SAM, system and SECURITY back to their original location
-Unmount the ntfs partition
-Very important! Run ntfsfix on the partition you just unmounted! If it was /hda1, do ntfsfix /dev/hda1. Ntfsfix does some repairs like emptying your LOG file and setting the chkdsk flag. Let checkdisk run when you reboot into NT/Win2K.
-Your Windows should boot after checkdisk, with the new password in place.
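
The copy-out and copy-back steps above are where a slip costs you the hives, so this added example (not part of the original HOWTO or of the Trinity Rescue Kit) wraps them in shell functions that keep an untouched copy and verify every copy with cmp. The function names and the orig/ subdirectory are assumptions; the directories are passed as arguments, for instance /hda1/WINNT/system32/config and /ram.

```shell
#!/bin/sh
# Added example: stage the three registry hives for offline editing and
# write them back only after verification. Nothing is mounted or edited here.
HIVES="SAM system SECURITY"

# stage_hives CONFIG_DIR WORK_DIR
# Copy the hives to WORK_DIR, keeping an untouched set in WORK_DIR/orig.
stage_hives() {
    cfg=$1; work=$2
    for h in $HIVES; do
        [ -f "$cfg/$h" ] || { echo "missing hive: $cfg/$h" >&2; return 1; }
    done
    mkdir -p "$work/orig" || return 1
    for h in $HIVES; do
        cp "$cfg/$h" "$work/orig/$h" && cp "$cfg/$h" "$work/$h" || return 1
        # A short copy (ramdisk full) must not go unnoticed.
        cmp -s "$cfg/$h" "$work/$h" || { echo "bad copy of $h" >&2; return 1; }
    done
}

# restore_hives WORK_DIR CONFIG_DIR
# Check all three hives first, then copy them back and verify each write.
restore_hives() {
    work=$1; cfg=$2
    for h in $HIVES; do
        [ -s "$work/$h" ] || { echo "edited $h missing or empty" >&2; return 1; }
        # The file on the Windows partition must still be the one we staged.
        cmp -s "$cfg/$h" "$work/orig/$h" || { echo "$cfg/$h changed" >&2; return 1; }
    done
    for h in $HIVES; do
        cp "$work/$h" "$cfg/$h" || return 1
        cmp -s "$work/$h" "$cfg/$h" || { echo "write-back of $h failed" >&2; return 1; }
    done
}

# rollback_hives WORK_DIR CONFIG_DIR
# Put the untouched copies back if the edit or the write-back went wrong.
rollback_hives() {
    work=$1; cfg=$2
    for h in $HIVES; do
        cp "$work/orig/$h" "$cfg/$h" || return 1
    done
}
```

Run chntpw in the work directory between stage_hives and restore_hives, then unmount and run ntfsfix as described above.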
Find version 0.3 of the Trinity Rescue Kit here. The file is about 10 Meg. Write it with any burning software that can write ISOs.
For support questions, please mail me, Tom Kerremans, trk@telenet.be