<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Password on Remko's Blog</title><link>https://remkoweijnen.nl/blog/tags/password/</link><description>Recent content in Password on Remko's Blog</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Wed, 13 Dec 2017 13:53:08 +0000</lastBuildDate><atom:link href="https://remkoweijnen.nl/blog/tags/password/index.xml" rel="self" type="application/rss+xml"/><item><title>Change NetScaler Password Hash from SHA1 to SHA512</title><link>https://remkoweijnen.nl/blog/2017/12/13/change-netscaler-password-hash-sha1-sha512/</link><pubDate>Wed, 13 Dec 2017 13:53:08 +0000</pubDate><guid>https://remkoweijnen.nl/blog/2017/12/13/change-netscaler-password-hash-sha1-sha512/</guid><description>&lt;p&gt;This morning I wanted to install the NetScaler patch for the TLS padding vulnerability and of course I made a backup before deploying it.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt;: If you haven&amp;rsquo;t installed this patch yet I would recommended to do so: see &lt;a href="https://support.citrix.com/article/CTX230238"&gt;CTX230238&lt;/a&gt; and check out the &lt;a href="https://robotattack.org/"&gt;ROBOT attack -Return Of Bleichenbacher&amp;rsquo;s Oracle Threat&lt;/a&gt; page to check which other products you may have that are vulnerable.&lt;/p&gt;
&lt;p&gt;Upon checking the backups (I always download the backup and verify that the archive is intact) I noticed that one of my NetScaler&amp;rsquo;s uses SHA1 for the password hash whilst the other one uses SHA512:&lt;/p&gt;
&lt;p id="NVylnDh"&gt;&lt;a href="https://remkoweijnen.nl/blog/wp-content/uploads/2017/12/image.webp" class="glightbox" data-type="image" data-gallery="post-4167"&gt;&lt;img loading="lazy" decoding="async" style="display: inline;" title="image" src="https://remkoweijnen.nl/blog/wp-content/uploads/2017/12/image_thumb.webp" alt="image" width="432" height="90" /&gt;&lt;/a&gt;&lt;/p&gt;
I thought that this was a little strange as both NetScaler's are running the exact same build. However one of them (the one that uses SHA512) was reinstalled recently whilst the one using SHA1 has been upgraded.</description></item><item><title>Decoding Citrix IMA Datastore Password</title><link>https://remkoweijnen.nl/blog/2012/05/29/decoding-citrix-ima-datastore-password/</link><pubDate>Tue, 29 May 2012 21:46:30 +0000</pubDate><guid>https://remkoweijnen.nl/blog/2012/05/29/decoding-citrix-ima-datastore-password/</guid><description>&lt;p&gt;This morning &lt;a href="http://www.twitter.com/arbeijer/status/207398601066942464"&gt;Arjan Beijer&lt;/a&gt; sent me an interesting link to a &lt;a href="http://www.youtube.com/watch?v=Cb8-kvJkojY"&gt;youtube video&lt;/a&gt; about obtaining the Citrix IMA Datastore password using Windbg.&lt;/p&gt;
&lt;p&gt;The video shows a method, discovered by &lt;a href="https://twitter.com/#!/fdwl"&gt;Denis Gundarev&lt;/a&gt; to obtain the IMA Datastore password. Basically he uses DSMaint.exe and set&amp;rsquo;s a breakpoint on the call to &lt;a href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa380882(v=vs.85).aspx"&gt;CryptUnprotectData&lt;/a&gt; and then reads the password from memory.&lt;/p&gt;
&lt;p&gt;I tried to call the CryptUnprotectData API with the data read from the registry directly but this failed with error NTE_BAD_KEY_STATE, this is defined in winerror.h and it means &amp;ldquo;Key not valid for use in specified state&amp;rdquo;.&lt;/p&gt;</description></item><item><title>Encoding and Decoding Citrix Passwords</title><link>https://remkoweijnen.nl/blog/2012/05/13/encoding-and-decoding-citrix-passwords/</link><pubDate>Sun, 13 May 2012 21:55:02 +0000</pubDate><guid>https://remkoweijnen.nl/blog/2012/05/13/encoding-and-decoding-citrix-passwords/</guid><description>&lt;p&gt;I am working on a launcher tool for Citrix XenApp that can not only connect to a published application or published desktop but can also leverage Citrix Workspace Control to reconnect to disconnected and/or active sessions.&lt;/p&gt; &lt;p&gt;There doesn't seem to be any sdk that exposed the data we need so I am trying to reproduce what the Citrix online plugi-in does.&lt;/p&gt; &lt;p&gt;I used a HTTP monitoring tool to capture the traffic between the Online plug-in and the Web Interface. First the online plug-in will retrieve the config.xml from the server specified via the Change Server option:&lt;/p&gt; &lt;p&gt;&lt;a class="glightbox thickbox" href="https://remkoweijnen.nl/blog/wp-content/uploads/2012/05/image2.webp" data-type="image" data-gallery="post-2586"&gt;&lt;img loading="lazy" decoding="async" style="display: inline" title="Change Server - Citrix online plug-in" alt="What is the address of the server hosting your published resources? | Server Address | Example: servername (for non-secure connections) | https://servername (for secure connections)" src="https://remkoweijnen.nl/blog/wp-content/uploads/2012/05/image_thumb2.webp" width="240" height="167" /&gt;&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Lync Client Password Recovery</title><link>https://remkoweijnen.nl/blog/2012/03/12/lync-client-password-recovery/</link><pubDate>Mon, 12 Mar 2012 23:25:51 +0000</pubDate><guid>https://remkoweijnen.nl/blog/2012/03/12/lync-client-password-recovery/</guid><description>&lt;p&gt;I wrote a small tool that dumps all stored password for the Microsoft Lync Client that I'd like to share here.&lt;/p&gt; &lt;p&gt;It's a commandline tool that takes no arguments:&lt;/p&gt; &lt;p&gt;&lt;a href="https://remkoweijnen.nl/blog/wp-content/uploads/2012/03/SNAGHTML173c9066.webp" class="glightbox" data-type="image" data-gallery="post-2529"&gt;&lt;img loading="lazy" decoding="async" style="display: inline" title="Screenshot" alt="Lync Password Dumper" src="https://remkoweijnen.nl/blog/wp-content/uploads/2012/03/SNAGHTML173c9066_thumb.webp" width="415" height="210" /&gt;&lt;/a&gt;&lt;/p&gt; &lt;p&gt;Have fun with it!&lt;/p&gt;</description></item><item><title>McAfee Anti Virus Unlock User Interface Password</title><link>https://remkoweijnen.nl/blog/2011/12/09/mcafee-anti-virus-unlock-user-interface-password/</link><pubDate>Fri, 09 Dec 2011 15:50:12 +0000</pubDate><guid>https://remkoweijnen.nl/blog/2011/12/09/mcafee-anti-virus-unlock-user-interface-password/</guid><description>&lt;p&gt;&lt;a href="https://remkoweijnen.nl/blog/wp-content/uploads/2011/12/image2.webp" class="glightbox" data-type="image" data-gallery="post-2231"&gt;&lt;img loading="lazy" decoding="async" style="margin: 0px 5px 0px 0px; display: inline; float: left" title="image" alt="image" align="left" src="https://remkoweijnen.nl/blog/wp-content/uploads/2011/12/image_thumb2.webp" width="48" height="48" /&gt;&lt;/a&gt;I needed to change a few settings on a McAfee VirusScan Enterprise 8.7.Oi client. However there was a password protection in place that locks the user interface and nobody around that could tell me the password. So what to do?&lt;/p&gt; &lt;p&gt;Right, we check out where this password is stored and how we can get rid of it!&lt;/p&gt; &lt;p&gt;I openend vsplugin.dll in Ida Pro and searched for related strings such as password, lock etc.&lt;/p&gt; &lt;p&gt;&amp;#160;&lt;/p&gt;</description></item></channel></rss>