Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Dumping passwords in a VMware .vmem file

imageBenjamin Delpy the author of the well known mimikatz toolkit has released a very cool extension to WinDbg today.

In summary the extension can extract Windows passwords from memory dumps, hibernation files and Virtual Machine .vmem files (paging, snapshots).

Especially the ability to extract passwords from .vmem files was very interesting. So I decided to to test this out, so let’s see how it works!

(more…)

  • 6 Comments
  • Filed under: VMWare
  • Lync Client Password Recovery

    I wrote a small tool that dumps all stored password for the Microsoft Lync Client that I’d like to share here.

    It’s a commandline tool that takes no arguments:

    Lync Password Dumper

    Have fun with it!

    Lync Password Dumper (8329 downloads )
  • 8 Comments
  • Filed under: Lync
  • Running multiple instances of Lync (howto)

    imageYesterday I showed a video demonstrating it’s possible to run multiple instances of the Microsoft Lync 2010 client simultaneously.

    A little warning before we go on: the Lync Client was not designed to run with multiple instances. Or better said: it was designed specifically to prevent this, let’s see how it does this:

    On startup Lync calls an internal function called COcAppNoUI::InitializeMainInstance. In this function it creates a Mutex named “Office Communicator_” in the Global namespace. It also creates an Event in the Global namespace called “COMMUNICATOR-“.

    When a second instance of Lync is launched it checks if the Global Mutex exists and if it does it fires the Global Event. The Main instance has a thread that waits for this event using the WaitForMultipleObjects API.

    (more…)

  • 5 Comments
  • Filed under: Lync, ThinApp
  • Installing Dell Wireless 5530 HSPA Mini PCI

    EDIT: See my followup article to learn how to reverse driver_auth.exe, decrypt and encrypt dell_wwan_sysID.dat.

    I bought a Dell Wireless 5530 HSPA Mini PCI card for my Dell Precision M4500 laptop.

    This is a small expansion card that works together with the built in SIM card slot that is present in most Dell (Business) laptops.

    -) 016

    This SIM card slot is usually located near the battery compartment:

    SimCardSlot

    The card was installed in a few minutes since the antenna cables were present already and on my laptop I only needed to remove the backcover with just one screw.

    Then I wanted to install the required software but this card is not officially supported in the M4500 (I bought this card because it was much cheaper on ebay).

    So I took the driver from the M4400/Latitude E range, labeled R251153 but I got this error message when installing:

    Internal error 23000. Authentification failed. The Dell Wireless 5540 HSPA Mobile Broadband Mini-Card cannot be installed on this computer

     

    (more…)

    Blogroll


    Categories


    Archives