Tag Archives: recover

Security, Windows knowhow

Windows: Recover lost passwords from memory

2 Comments

Hi,

if a User is logged on and forget it’s password you can dump to lsa process and recover the password from a dump file.

Two tools are needed:

  • Microsoft’s sysinternals procdump
  • mimikatz. A tool to play with windows security. Take care when download precompiled binaries. Better get the source code from github and compile it yourself.  Its very easy

Lets start. Login as a User with administrator permissions and dump the lsass process
Continue reading Windows: Recover lost passwords from memory

Windows knowhow

Windows: Windows did not start. Howto write a new MBR and recover Windows OS Bootsector

Leave a comment

Hi,

if you migrate a Windows Installation to another Computer or virtual environment such as VMWare ESXi or VMWare Workstation it could happen that the system won’t start.

A typical error when the master boot record or the boot sector of the boot partition needs to be updated or must be rewritten is when

  • After Postscreen of the BIOS the console shows “Operating system not found” this means there is no boot code in MBR
  • or it shows only a blinking cursor in the upper left edge. 2 possible reasons are thinkable
  1. MBR boot code is loaded but could not load the operation system => The boot sector of the Windows Boot partition needs to be updated
  2. The boot(active) flag of Windows boot partition  is missing

For all cases you can use the command line program “testdisk” which is part of the most linux live CDs/DVDs to correct this.
Continue reading Windows: Windows did not start. Howto write a new MBR and recover Windows OS Bootsector