Red Teaming and Malware Analysis
  • About
  • Red Teaming
  • Cheat Sheet
    • Web
      • Misc
      • File Upload bypass
      • Authentication bypass
      • SQL Injection
      • XSS
      • XXE
      • Reverse-shell
      • Webshell
      • (De)Serialization
    • Active Directory
    • Services by port
      • Enum
      • 5060 - SIP
      • 25 - SMTP
      • 135 - RPC
      • 445 - SMB
      • 11211 - PHPMemCached
      • ldap
    • Hardening
    • Stuff
      • Basic tips/scripts
      • OpenBSD & NetBSD
      • File Transfer
      • Pivoting
  • Active Directory 101
    • Dumping Active Directory DNS using adidnsdump
    • PrintNightmare
    • From DFSCoercer to DA
  • Fuzzing and Web
    • Server Side Template Injection (SSTI)
    • Finding SSRF (all scope)
    • Format String Exploitation
    • Cache Poisoning using Nuclei
  • Initial Foothold
    • Browser In The Browser (BITB) Attack
    • Phishing with Office
      • Weaponizing XLM 4.0 macros
  • Privilege Escalation (Privesc)
    • AV/EDR Bypass
      • Bypass AV/EDR using Safe Mode
      • Resources
    • UAC bypass
    • Process migration like meterpreter
  • Lateral Movement (Pivoting)
    • From Windows VPN + Kali VPN + DC
      • By using Proxifier
  • Persistence
  • Command and Control (C&C)
    • CobaltStrike 101
      • Pivoting DMZ: weevely + ngrok + CS Pivot COMBO via Linux
      • Extras + Plugins
      • Resources
  • Data Exfiltration
    • Extracting certs/private keys from Windows using mimikatz and intercepting calls with burpsuite
  • CVE & Exploits / CTF
    • Privilege Escalation
    • Serialization
    • CVEs
      • CHIYU IoT devices
      • Chamilo-lms-1.11.x - From XSS to account takeover && backdoor implantation
    • CVE - Submission Guides
  • Tools
    • Intel
    • OSINT
    • DNS
    • WEB
      • API and WS Hacking
      • Web Discovery
      • Web Fuzzing
      • Path Traversal
      • GraphQL
      • JWT
    • Infrastructure and Network
      • Scan and Discovery
        • Network mapper
      • Automated Scanners
      • Misc
      • Active Directory
        • Burpsuite with Kerberos Auth
      • Cloud & Azure
      • Command and Control (C&C)
      • (De)serialization
      • Lateral Movement
      • Powershell
    • Privilege Escalation
    • Exfiltration
    • Persistence
    • Password & Cracking
      • Wordlists
      • Tips
      • Rainbow Crackalack
    • Static Code Analysis
    • Reporting
  • Resources
  • Pwnage
    • WiFi
      • HOSTAPD-WPE
      • Rogue APP
      • WPA3 Downgrade attack
    • NRF
    • rubber ducky
  • Malware Analysis
  • Unpacking
  • Basic tips
  • Malware instrumentation with frida
  • Tools
    • Debuggers / Disassemblers
    • Decompilers
    • Detection and Classification
    • Deobfuscation
    • Debugging and Reverse Engineering
    • Memory
    • File Analysis
    • Emulators
    • Network Traffic Analysis
    • Other
    • Online Tools
  • Resources
    • DFIR FTK Imager
    • Convert IP Range into CIDR
    • Parsing Large Raw Files and Excluding Country IP Address Ranges
    • Windows Logs Automation
      • amcache.hve
    • Windows EventViewer Analysis | DFIR
    • Prevent Windows shutdown after license expire
    • Firewall raw Logs
  • Mobile
    • Tools
    • Reverse iOS ipa
      • Jailbreak
      • Install Frida iPhone 5S
      • Frida instrumentation
      • Resources / Extra features
    • Reverse Android APKs
      • Android Dynamic Analysis
      • Bypass root + Frida
      • SSL unpining frida + Fiddler/Burp
      • Backdooring/patch APKs
    • Basic tips
    • Resources
  • IoT / Reverse / Firmware
    • Basic tips
      • Repair NTFS dirty disks
    • Reverse IoT devices
      • Reverse TP-Link Router TL-WR841N
      • Reverse Trendnet TS-S402 firmware
      • Full emulate Netgear WNAP320
      • Reverse ASUS RT-AC5300
      • Reverse LinkOne devices
    • Tools
      • Qemu + buildroot 101
      • Kernel
    • Resources
Powered by GitBook
On this page

Was this helpful?

  1. IoT / Reverse / Firmware
  2. Basic tips

Repair NTFS dirty disks

If you have a damage NTFS disk you can try to repair it.

A possible error when you are mounting the disk: nvme1n1p1: volume is dirty and "force" flag is not set!

sudo journalctl -f

abr 11 14:31:54 gr4n4d3 kernel: ntfs3: nvme1n1p1: It is recommened to use chkdsk.
abr 11 14:31:54 gr4n4d3 kernel: ntfs3: nvme1n1p1: volume is dirty and "force" flag is not set!
abr 11 14:31:54 gr4n4d3 udisksd[4387]: $MFTMirr does not match $MFT (record 3).
abr 11 14:31:54 gr4n4d3 udisksd[4387]: Failed to mount '/dev/nvme1n1p1': Input/output error
abr 11 14:31:54 gr4n4d3 udisksd[4387]: NTFS is either inconsistent, or there is a hardware fault, or it's a
abr 11 14:31:54 gr4n4d3 udisksd[4387]: SoftRAID/FakeRAID hardware. In the first case run chkdsk /f on Windows
abr 11 14:31:54 gr4n4d3 udisksd[4387]: then reboot into Windows twice. The usage of the /f parameter is very
abr 11 14:31:54 gr4n4d3 udisksd[4387]: important! If the device is a SoftRAID/FakeRAID then first activate
abr 11 14:31:54 gr4n4d3 udisksd[4387]: it and mount a different device under the /dev/mapper/ directory, (e.g.
abr 11 14:31:54 gr4n4d3 udisksd[4387]: /dev/mapper/nvidia_eahaabcc1). Please see the 'dmraid' documentation
abr 11 14:31:54 gr4n4d3 udisksd[4387]: for more details.
abr 11 14:31:54 gr4n4d3 gnome-shell[1876]: JS ERROR: Mount and launch mountable-volume:72BCBC4A3D9DDC2E: Error: Expected type string for argument 'details' but got type GLib_Error
                                           _notifyActionError@/usr/share/gnome-shell/extensions/ubuntu-dock@ubuntu.com/locations.js:484:20
                                           launchAction@/usr/share/gnome-shell/extensions/ubuntu-dock@ubuntu.com/locations.js:538:22
                                           async*mountAndLaunch@/usr/share/gnome-shell/extensions/ubuntu-dock@ubuntu.com/locations.js:470:24
                                           vfunc_launch@/usr/share/gnome-shell/extensions/ubuntu-dock@ubuntu.com/locations.js:436:14
                                           makeLocationApp/<@/usr/share/gnome-shell/extensions/ubuntu-dock@ubuntu.com/locations.js:930:26
                                           _create/object[name]@/usr/share/gnome-shell/extensions/ubuntu-dock@ubuntu.com/utils.js:296:68
                                           wrapWindowsBackedApp/<@/usr/share/gnome-shell/extensions/ubuntu-dock@ubuntu.com/locations.js:879:26
                                           _create/object[name]@/usr/share/gnome-shell/extensions/ubuntu-dock@ubuntu.com/utils.js:296:68
                                           wrapWindowsBackedApp/<@/usr/share/gnome-shell/extensions/ubuntu-dock@ubuntu.com/locations.js:892:34
                                           _create/object[name]@/usr/share/gnome-shell/extensions/ubuntu-dock@ubuntu.com/utils.js:296:68
                                           launchNewWindow@/usr/share/gnome-shell/extensions/ubuntu-dock@ubuntu.com/appIcons.js:677:26
                                           activate@/usr/share/gnome-shell/extensions/ubuntu-dock@ubuntu.com/appIcons.js:615:18
                                           vfunc_clicked@resource:///org/gnome/shell/ui/appDisplay.js:3171:14

To fix it you can try the following command:

sudo ntfsfix /dev/nvme1n1p1
Mounting volume... $MFTMirr does not match $MFT (record 3).
FAILED
Attempting to correct errors... 
Processing $MFT and $MFTMirr...
Reading $MFT... OK
Reading $MFTMirr... OK
Comparing $MFTMirr to $MFT... FAILED
Correcting differences in $MFTMirr record 3...OK
Processing of $MFT and $MFTMirr completed successfully.
Setting required flags on partition... OK
Going to empty the journal ($LogFile)... OK
Checking the alternate boot sector... OK
NTFS volume version is 3.1.
NTFS partition /dev/nvme1n1p1 was processed successfully.
PreviousBasic tipsNextReverse IoT devices

Last updated 1 year ago

Was this helpful?

Done

😎