search
top


Recover Keys – Part 2 – Scanning Devices on the Network

In this Part 2 review of Recover Keys, we will look at how we can scan machines via the network. For most users, I don’t believe this option will be used too often. The average home user that purchase a license for personal use could just uninstall and install the tool on each machine they want to grab license keys off of, or buy a license for multiple machines.

For larger organizations this tool is excellent as it can be installed in one location on a single machine. You also get the ability of being able to extract the license keys via the network, which makes this tool much more efficient and valuable. At the end of the day it is all about saving and making the best use of time.

If you haven’t read Part 1 of using Recover Keys (scanning a local machines) you can check it out here: https://www.stealthbay.com/recover-keys-part-1-scanning-a-local-machine/

**Caution, I did end up receiving an error when I tried to run this tool via the network on a windows 7 machines. I later came to the conclusion that an edit needs to be made in the registry of each of the networked machines. Personally, I am not fond of this registry change, as it does put your system at a higher risk due to allowing UAC access remotely.

If you received “Access Denied” error while trying to scan remote PC (which is Windows 7 or Windows Vista) with Recover Keys, this means UAC remote restriction is blocking it. Please complete following steps on remote Windows 7/Vista in order to fix it:

  1. Click ‘Start’, click ‘Run’, type ‘regedit’, and then press Enter.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  3. If the ‘LocalAccountTokenFilterPolicy’ registry entry does not exist, follow these steps:
    • On the ‘Edit’ menu, point to ‘New’, and then click ‘DWORD’ Value.
    • Type ‘LocalAccountTokenFilterPolicy’, and then press Enter.
  4. Right-click ‘LocalAccountTokenFilterPolicy’, and then click Modify.
  5. In the Value data box, type 1, and then click OK.
  6. Exit Registry Editor.
  7. Reboot the machines for the changes to take effect.

Running Recover Keys

The first step is to select our source machine. Select the “Scan network computer” option.

Next, identify the IP address or DNS hostname of the other machine you wish to grab licenses from. On my case I found that the machines IP address was 192.168.213.133.

You will also require access to an account on the machine (unless you have a domain setup within your network). For this particular use case a local admin level account was used to test the product.

After clicking on the OK button, the scanning will take place listing the progress and status of the scan.

Once the scan is done a list of all license keys will be presented to you right away. As you can see it is quite detailed and I was shocked to see certain apps I probably had not used in a very long time. But, the license keys were still stored within a registry entry.

Other Scans – Registry Files

If you have access to a registry hive file that you may have downloaded off another machine. You then have the ability to use Recover Keys to scan through it to identify and license keys.  I don’t see many use cases for this activity for actual legit usage.

Non-Ethical Uses

As great as this “scan offline registry” mode is, I can see malicious attackers making use of this registry feature. If you can download a registry hive backup from a machine and using exfiltration out to a server you control. Well, now you have the ability to list out all of the license keys, which you could now potentially sell on eBay or the dark web. From a malicious attackers perspective it would be a great tool for making quick $$.

Conclusion

I think Recover Key ( https://recover-keys.com/en/aboutus.html) is an excellent tool. I’d definitely use it again in the future for obtaining a list of license keys from machines. I could see some smaller businesses and organizations making use of it. Larger enterprise businesses usually have some kind of license key manager already setup and running. But for those of us with personal machines, or smaller businesses that can’t afford enterprise level license managers. I’d definitely recommend! Especially, to users especially if you plan on going through a fresh install of Windows.



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

top