XSS and bypassing an Imperva WAF with JSFuck
Grumpy Admin here – With another exciting tip – Today I was asked a very interesting question – I thought I would share it with you guys.
I was asked – “How many activations does a particular Windows MAK key have available”. This was something I was able to instantly say – Yes, I know a way of doing that. I gave him the answer he needed quite quickly after a short installation process, resulting in me not having to get the drinks in for the rest of the day. Skipping the coffee rounds today was to be my reward 🙂 Grumpy Admin takes all the perks he can get when he gets them! Wouldn’t you!
Basically, I discovered this tool a few years ago and it has sat at the back of my mind and pops out every so often. I used it when I was trying to work out why a borrowed product key that should have worked didn’t work for a “friend”.
There is a neat little tool to help us out, and it is called the Volume Activation Management Tool (VAMT).
The current version comes as part of the Windows Assessment and Deployment Kit for Windows 8.1. I am installing this on Windows 7, but you can use 8 or whatever (basically Vista +) – this gives us a very useful GUI for managing volume keys and will also provide some PowerShell cmdlets, which we will have a look at in a bit, to further help administer the Windows Activation process. I am going to assume here you are aware of the different types of keys and how the activation process works.
The first thing is to install it. It's a basic next install with a couple of deselections and reselections of the bits we want, in this case the VAMT tool and its dependency, SQL Server 2012 Express! You can grab the installer from this url
Here are some pretty pictures for you to follow for the installation…. yawn! Grumpy Admin is lazy so I won’t bother talking you through the install, we all know how to click next, right?
Next we want to launch the GUI tool, which happens to be in the MMC style interface.
Once this is done we are dropped right into the interface. As you can see, it is quite different from the older version of the tool if you have used that in the past! There is even support for Active Directory Based Activation. However, my machine isn’t domain joined so I can’t show you that!
I warn you now, I have put some horrible “red blobs” to protect the innocent, as they say, because I used a non-test-lab system and actual product keys for the screenshots! I was lazy so no real care was taken over filtering. Sorry.
Now the first thing I want to do is to enumerate this particular domain. I can grab all the information from the machines using the very helpful wizard. As I am not domain joined I have to provide my domain credentials at various places; there are options for this, keep an eye out. Once I have the credentials it will grab the licensing information from the machines and display it all nice for you. Then we can easily see the activation and product key state, and there are even some nice reports that can be produced. How sweet, thank you Microsoft, it is as if licensing was close to your heart and worth development time!
Now for the bit that we are interested in. Getting an answer to our posed question. I want to know how many activations are remaining on a particular MAK key. So I select the product key branch and right click and add product keys.
Here I can enter my product keys.
I enter 7 different and actually valid Microsoft product keys – 6 MAK keys that I have hanging about from MSDN and other places and I have a RETAIL key, this is done so you will see what happens if it can’t validate a key due to the SKU!
As you can see it couldn’t validate the retail key. So it has thrown up an error! This is because it is the Volume Activation Management Tool, people!!!
Now that I have my 6 MAK keys installed into the product key database, we just have to refresh the online data for those keys and this will then provide the answers that we are looking for as to how many activations are left!
Easy wasn’t it! No making coffee for Hazzy all day 🙂
Not only does the key tell you this information, by installing the key in this manner we can then push the key to any valid products that need the key if we wish to and then activate it – for example, quite by accident and not designed in any way for this blog, we have an Office installation that doesn’t have a product key installed on a host somewhere in the domain. It is installed with a KMS key and there is no KMS host on this network. It has expired its grace period and is in the notification period.
So let’s assign it a key from our product key pool! We have 480 Office activations left on that MAK key so that should be fine…
BTW Activations does not equal licences!!! You have to check if you are licensed for any installation depending on usage rights in your agreement… There, I said it, so no dragging me to court! You're responsible for your own compliance.
Easy wasn’t it!
Pictures save this Lazy Admin from typing! – As you can see the activation counter has decreased by one. Proving it was activated online. I could launch the product to check but I trust this tool and I am far too lazy to log in and check!
So we were able to easily answer our question and we fixed a licensing issue as well, all worthy of my prize I think!
Let’s quickly drop into PowerShell. First you have to import the VAMT PowerShell module; this is located in the installation folder
Then you have to run the
Grrr never mind not a hardship really. But it is something you should be aware of as it might catch you or your scripts off guard if you do stuff with the module.
Now that is loaded let’s do a quick get-command on the module
There are a few simple cmdlets, I won’t bother going through them with my usual depth. This is just to show that what you can do in the GUI you can do in PowerShell.
Let’s run a few just to check that it is working and data is being returned!
Yep it’s working
Now let do a
That works and now if we tidy it up with a select statement we can get the information we want very quickly in one line. 🙂
Get-VamtProductKey |select -Property KeyDescription,KeyType,KeyValue,RemainingActivations
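Building on that one-liner, the following is an added example (not from the original post) that reports remaining activations while masking the product key, so the report can be shared without the "red blobs" treatment. The function name Get-KeyActivationSummary, the WarnBelow threshold and the sample objects are assumptions made for illustration; only Get-VamtProductKey and the four property names come from the post.

```powershell
# Added example: summarise key objects without exposing full key values.
# Get-KeyActivationSummary and -WarnBelow are hypothetical names, not part of VAMT.
function Get-KeyActivationSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Key,

        # Flag keys with fewer remaining activations than this (assumed threshold).
        [int]$WarnBelow = 50
    )
    process {
        # Keep only the last 5-character group of the key; mask the rest.
        $value  = [string]$Key.KeyValue
        $masked = if ($value.Length -ge 5) {
            'XXXXX-XXXXX-XXXXX-XXXXX-' + $value.Substring($value.Length - 5)
        } else {
            '(no key value)'
        }

        # RemainingActivations stays empty until the online data has been refreshed.
        $remaining = $Key.RemainingActivations

        [pscustomobject]@{
            KeyDescription       = $Key.KeyDescription
            KeyType              = $Key.KeyType
            MaskedKey            = $masked
            RemainingActivations = $remaining
            Low                  = ($null -ne $remaining) -and ([int]$remaining -lt $WarnBelow)
        }
    }
}

# Constructed sample objects standing in for Get-VamtProductKey output.
# Key values, descriptions and the KeyType strings are made up.
$sample = @(
    [pscustomobject]@{ KeyDescription = 'Office (constructed)';  KeyType = 'MAK'
                       KeyValue = 'AAAAA-BBBBB-CCCCC-DDDDD-EEEEE'; RemainingActivations = 480 }
    [pscustomobject]@{ KeyDescription = 'Windows (constructed)'; KeyType = 'MAK'
                       KeyValue = 'FFFFF-GGGGG-HHHHH-JJJJJ-KKKKK'; RemainingActivations = 12 }
    [pscustomobject]@{ KeyDescription = 'Not refreshed (constructed)'; KeyType = 'MAK'
                       KeyValue = 'LLLLL-MMMMM-NNNNN-PPPPP-QQQQQ'; RemainingActivations = $null }
)

$sample | Get-KeyActivationSummary | Format-Table -AutoSize

# Against a live VAMT database, pipe the real cmdlet instead:
# Get-VamtProductKey | Get-KeyActivationSummary | Where-Object Low
```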