[Dshield] Change windows local passwords remotely

Daniel Hay danny at eboundary.com
Thu Apr 1 05:05:39 GMT 2004


Thanks, unfortunately this is going to be run in a university environment as
such we do not have direct control/physical access to all the machines so I
don't think this method would work (unless I'm misunderstanding what you're
trying to tell me, it is late after all :) )

This is why we're looking for a tool that can attempt to login to the
machine remotely using the c$ share for instance using a list of passwords,
if it is successful it would reset the password and send the user a message
to let them know we reset the password.

The procedure I see in my head would be something along the lines of

1) Connect to a machine, see if it has a NULL password or a weak password
from a predefined list of bad passwords

2) if it can login with the given passwords, it should reset the password to
something better (random strings or predefined, I'm easy)

3) after a successful password change send the machine a winpopup telling
them the administrator password was insecure and has been changed for their
protection, any questions can be directed to <insert email> and <insert
phone>

4) ideally list the IP:NetBIOS_NAME:OLD_PASS:NEW_PASS in a text file on the
scanning machine. 

I'm probably going to end up spending the weekend learning VB to take care
of it, but thought I'd throw the question open to see if I didn't have to
re-invent the wheel.


On 3/31/04 11:29 PM, "Al Reust" <areust at comcast.net> wrote:

> Hello Daniel
> 
> from a "Local Machine" you can use the "Net User" command
> ie
>   net user administrator 123456
> 
> The problem is that you need to run this from a server and a share that is
> accessible to every machine. Anyone that found the share would know the
> Administrator Password. The safest deployment would be to have Scheduler
> run a command file on the Server. That command file would be called from
> the server not the local machine. So you attempt to make it "not" visible
> (I have not tested this). The next part is capturing every machine name,
> with 15,000 machines I presume that you would use the DHCP servers to see
> who is logged in.
> 
> The basics from the local machine are:
> 
>   net user administrator 123456    ; 123456 is the desired password.
> 
> Choosing the password that you desire. You can deploy the scheduler using
> the AT command. The quick example (untested), no error checking. First you
> create the list of the 15,000 machine names or active IP addresses. If they
> are DHCP the computer name is of the higher priority!
> 
> Basic idea:
> @echo off
> rem In a batch file the loop variable is %%i; AT needs \\machine to schedule remotely
> for /F %%i in (machine-list) do (
>   AT \\%%i 12:00 /next:wednesday \\server\share\updateadministrator.bat
>   echo %%i >> \\server\share\scheduledmachines.txt
> )
> 
> administrator.bat
> @echo off
> net user administrator 123456
> echo %computername% >> \\server\share$\complete.txt
> 
> Better idea not tested:
> 
> @echo off
> rem Same loop, but the command file is read from the hidden share$
> for /F %%i in (machine-list) do (
>   AT \\%%i 12:00 /next:wednesday \\server\share$\updateadministrator.bat
>   echo %%i >> \\server\share\scheduledmachines.txt
> )
> 
> The administrator.bat:
> @echo off
> net user administrator 123456
> echo %computername% >> \\server\share$\complete.txt
> 
> end example
> 
> Because you stated 15,000 machines, break it into parts and schedule a group
> for one day of the work week, with machine-list1 complete1.txt etc... Then
> the time to remove complete machines. Yes it is time consuming but is
> the only way other than making a floppy and executing each from every local
> machine. Otherwise make them join the domain so that Group policy can do
> the work for you and report.
> 
> You should have 80% in the first week.
> 
> Obviously this can be used to push other things as well..
> 
> If you copy tools from the resource kit you can do other things like
> registry entries and forced shutdown and reboot
> 
> look at regini or shutdown from the resource kit.
> example, this was used to copy a warning banner on login:
> 
> REM startnt command file
> md c:\temp
> 
> REM copy the tools only if this machine has not already completed
> if not exist c:\temp\done.txt (
>   net use \\dc101\warning
>   xcopy \\dc101\warning\regini.exe c:\winnt\system32\
>   xcopy \\dc101\warning\reg2bat.exe c:\winnt\system32\
>   xcopy \\dc101\warning\shutdown.exe c:\winnt\system32\
>   xcopy \\dc101\warning\warning.ini c:\temp\
>   REM drop the connection to the share
>   net use \\dc101\warning /delete
> ) else goto done
> 
> :done
> 
> REM general form: regini -m \\"system name" warning.ini
> for /F %%i IN (servers.txt) do (
>   regini -m \\%%i warning.ini
>   echo %%i >> \\dc101\warning\done.txt
> )
> REM done.txt would say this machine has completed the operation.
> echo done > c:\temp\done.txt
> 
> end example.
> 
> R/
> 
> Al
> 
> At 10:11 AM 3/31/2004 -0500, you wrote:
> 
>> Hey guys,
>> 
>> I was hoping some of you could point me in the right direction help me out,
>> I need to find and reset poor local administrator passwords (even just
>> resetting NULL passwords would be a great help!) on approx 15k active IP's
>> that are not logged into the main Active Directory domain.
>> 
>> Does anyone happen to have a tool/script that can do this? Or any ideas that
>> may help me get through this evil task, my windows coding skills are
>> non-existent.
>> 
>> 
>> --
>> Regard
>> Daniel Hay
>> Owner - eBoundary
>> http://www.eboundary.com - Fast, reliable and secure hosting solutions.
> 

-- 
Regard
Daniel Hay
Owner - eBoundary
http://www.eboundary.com - Fast, reliable and secure hosting solutions.
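
Added example, not part of the original thread: the quoted reply sets every machine to the same password from a batch file on a share, while step 2 above asks for "random strings" and step 4 for a colon-delimited record. This sketch generates a unique random password per machine that is safe to pass to `net user` on a cmd.exe command line and cannot break the record format; the function names, the sample hosts and the reduced `IP:NetBIOS_NAME:NEW_PASS` layout are assumptions.

```python
import secrets
import string

# Characters cmd.exe or `net user` treat specially, plus ':' which delimits
# the record fields. Excluding them keeps both the command and the log intact.
UNSAFE = set('%^&|<>"!:\'` ,;=()/\\*?')
SYMBOLS = ''.join(c for c in string.punctuation if c not in UNSAFE)
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = ''.join(CLASSES)


def new_password(length=16):
    """Random password containing at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:
        pw = ''.join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


def build_records(machines):
    """machines: iterable of (ip, netbios_name) -> list of IP:NAME:NEW_PASS."""
    seen, lines = set(), []
    for ip, name in machines:
        pw = new_password()
        while pw in seen:  # never give two machines the same password
            pw = new_password()
        seen.add(pw)
        lines.append(f"{ip}:{name}:{pw}")
    return lines


# Constructed sample input (documentation-range addresses, made-up names).
SAMPLE = [("192.0.2.10", "LAB-PC-01"), ("192.0.2.11", "LAB-PC-02")]

if __name__ == "__main__":
    for line in build_records(SAMPLE):
        print(line)
```

The resulting file holds live administrator credentials, so it belongs on the scanning machine with access restricted to the operators, not on the share the clients read.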



