Windows: Script to recover lost Passwords from a unattend/sysprep.xml file


Passwords for new users or for joining a domain could defined in plain text or encrypted at sysprep.xml or unattend.xml file. But they are not “really” encrypted.

More »

Advertisment to support

Linux: btrfs command line examples


my collection of btrfs command line snippets.

More »

Windows: Recover lost passwords from memory


if a User is logged on and forget it’s password you can dump to lsa process and recover the password from a dump file.

Two tools are needed:

  • Microsoft’s sysinternals procdump
  • mimikatz. A tool to play with windows security. Take care when download precompiled binaries. Better get the source code from github and compile it yourself.  Its very easy

Lets start. Login as a User with administrator permissions and dump the lsass process
More »

Windows: Windows did not start. Howto write a new MBR and recover Windows OS Bootsector


if you migrate a Windows Installation to another Computer or virtual environment such as VMWare ESXi or VMWare Workstation it could happen that the system won’t start.

A typical error when the master boot record or the boot sector of the boot partition needs to be updated or must be rewritten is when

  • After Postscreen of the BIOS the console shows “Operating system not found” this means there is no boot code in MBR
  • or it shows only a blinking cursor in the upper left edge. 2 possible reasons are thinkable
  1. MBR boot code is loaded but could not load the operation system => The boot sector of the Windows Boot partition needs to be updated
  2. The boot(active) flag of Windows boot partition  is missing

For all cases you can use the command line program “testdisk” which is part of the most linux live CDs/DVDs to correct this.
More »

Original Theme by Schiy · Powered by WordPress