Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for May, 2012

Decoding Citrix IMA Datastore Password

This morning Arjan Beijer sent me an interesting link to a YouTube video about obtaining the Citrix IMA Datastore password using WinDbg.

The video shows a method, discovered by Denis Gundarev, to obtain the IMA Datastore password. Basically he uses DSMaint.exe, sets a breakpoint on the call to CryptUnprotectData and then reads the password from memory.

I tried to call the CryptUnprotectData API directly with the data read from the registry, but this failed with error NTE_BAD_KEY_STATE. This is defined in winerror.h and it means “Key not valid for use in specified state”.

(more…)

DefaultPassword Dumper

Just a small post today: a small commandline utility that reads the “DefaultPassword” LSA secret.

This secret is stored in the registry under the SECURITY Hive:

HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\DefaultPassword

(more…)

Citrix Launcher Progress Update 1

After figuring out how to encode and decode the Citrix passwords, my next step for the upcoming Citrix Launcher is to experiment with config.xml and authenticating to the Citrix Web Interface.

I imported the NFuse.dtd from the Citrix Web Interface into Delphi with the XML Data Binding Wizard. This results in an NFuse unit so I can easily create the XML data.

To create an authentication packet I use the following code:

(more…)

  • 0 Comments
  • Filed under: Citrix, Delphi

Encoding and Decoding Citrix Passwords

    I am working on a launcher tool for Citrix XenApp that can not only connect to a published application or published desktop but can also leverage Citrix Workspace Control to reconnect to disconnected and/or active sessions.

    There doesn’t seem to be any SDK that exposes the data we need, so I am trying to reproduce what the Citrix online plug-in does.

    I used an HTTP monitoring tool to capture the traffic between the online plug-in and the Web Interface. First the online plug-in will retrieve the config.xml from the server specified via the Change Server option:

    What is the address of the server hosting your published resources? | Server Address | Example: servername (for non-secure connections) | https://servername (for secure connections)

    (more…)

  • 6 Comments
  • Filed under: Citrix

    For a research project I tried to install Windows NT 4 Terminal Server on VMWare Workstation (version 8).

    The setup would always fail however with the following error:

    Setup was unable to verify drive C:\ | Your computer may lack sufficient memory to carry out the verification, or your Windows Terminal Server CD-ROM may contain some corrupt files. | Press ENTER to continue

    Obviously the installation doesn’t really fail because of too little memory, and neither is the installation disc (an ISO file) corrupt; it’s a bug.

    (more…)

  • 0 Comments
  • Filed under: VMWare

Bit Shifting in PowerShell

    I needed to do some bit shifting in PowerShell, but unfortunately PowerShell lacks operators for bit shifting. I searched the .NET Framework for anything that allows for bit shifting but was unable to find anything suitable.

    I didn’t want to revert to C# so I implemented shift left and shift right functions in PowerShell.

    The code isn’t really pretty and could probably be improved (comments/improvements are welcome!) but here goes (please note that I implemented it for bit shifting a byte):

    (more…)

  • 3 Comments
  • Filed under: PowerShell