Howto do some things in Windows
Hi,
for deeper inspection of Windows it is sometimes necessary to get a memory dump of the machine to analyse these output with tools like volatility .
There are several ways to provoke windows to write a dump.
Continue reading Windows: Initate a kernel memory dump
Hi,
in WinPE it is possible to read bitlocker encrypted drives.
Check state
manage-bde -status c:
If the drive is only protected by a password use
manage-bde -unlock c: -pw
Continue reading Windows: Read Bitlocker encrypted drive in Windows PE
Hi,
if a User is logged on and forget it’s password you can dump to lsa process and recover the password from a dump file.
Two tools are needed:
Lets start. Login as a User with administrator permissions and dump the lsass process
Continue reading Windows: Recover lost passwords from memory
Hi,
first post in 2015 🙂
msiexec offers the ability to extract all files included in an msi file to a specified folder by alter the TARGETDIR proberty of the msi package.
Syntax is
msiexec /a msifile.msi /qb TARGETDIR=D:\target
Continue reading Windows: Extract all files from a msi file
Hi,
its not recommended, but Windows can act as a IP Router.
To enable routing set
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter to 1:
c:\>reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v IPEnableRouter /D 1 /f
change the startup type of the service “Routing and Remote Access” to auto
sc config RemoteAccess start= auto
and start the service
sc start RemoteAccess
Thats it
Michael