Monday, November 18, 2013

Copying SAM and SYSTEM hives (Or locked files) from a running system by directly dumping sectors.

My Kali installation did not have a copy of fgdump.exe, therefore while googling to download fgdump utility for a friend who is currently doing PWB from offensive security,  I stumbled upon a post which mentioned about dumping the sectors occupied by a file in order to copy a locked file from file system.

Thanks to my fat fingers.

One needs to have administrative privileges on system in order to achieve this but using this, the local SAM and SYSTEM hive can be copied from a running system without a need to reboot the system using linux bootable cd to free file locks.

The author Armen Hakobyan explains the implementation nicely with all the source codes listed. The list also holds a precompiled binary for 32 bit OS which is compatible with windows 7 as a demo project. 64 bit version can be compiled from sources.

Fdump-demo.exe binary in action.

FDUMP in Action.

Sunday, March 17, 2013

Installing Teamviewer 8 on Kali 64bit (Debian)

Installing Teamviewer 64bit on Kali OS.

While I was trying to install Teamviewer on my 64 bit Kali OS install,I ran into some missing dependencies. One of them was a i386 package, which cannot be installed on 64 bit unless multiple architecture support is enabled in your Install.
For this we first allow i386 to be installed as a multiarch.

root@kali:/home/dhakkan/Downloads# dpkg --add-architecture i386

Now we need to update our repositories.

root@kali:/home/dhakkan/Downloads# apt-get update

Now we can deploy i386 packages on 64 bit as multiarch

Now time to install the package.

dhakkan@kali:~/Downloads$ sudo dpkg -i teamviewer_linux_x64.deb

You will get errors for unmet dependency which can be installed by using following command

dhakkan@kali:~/Downloads$ sudo apt-get install -f

and it should be good to go.