[Dshield] Change windows local passwords remotely

Al Reust areust at comcast.net
Thu Apr 1 06:21:51 GMT 2004


Hello Daniel

My wife wanted to say you are So Screwed! Obviously the University has a 
Serious Security Policies Problem.  NO VB won't do it! You obviously do not 
know how many machines of the 15,000 are already owned by script kiddies...

You could create a script that would create the Administrative User that 
would allow you access.. If the user does not click on the script they get 
locked out! The Computer is set on a desk before they connect to the 
network.. An IT person runs the script. Then you could use the scripts that 
I sent.

Otherwise please send me a user name for one of the machines I Will gladly 
send Beagle!  That will convince the morons that some kind of Security 
Policy needs to be enforced. It should be done at checkin before the 
machine is EVER connected to the network. Run this script (click on this 
link). That would create an administrator account for IT

What you just described can not be done!  Anarchy Rules!

Go buy L0phtCrack and start cracking your own network.. One machine at a 
time. Make sure it is a 3 gig Xeon 1meg L2 cache, with Lots of RAM! That 
should be good for about 6 months of work.

If I looked at the "user" plopped down the PC on a desk and the script took 
5 minutes to connect the PC and it was Done. Or cracking the 15,000 
machines as an average of 20 minutes/machine.... How much is it going to 
cost in lost time for "Security" this does not mention what would happen if 
something really bad got loose! You could shut the entire network off.. and 
start it a piece at time and start squashing bugs.. Then shut it off and 
then next network segment.. Start with a Quarter Million cost not to 
mention other damages.. Can the University afford that?

You are telling us of the Next Horror Story that is about to happen and 
want to know if there is an easy way out. No there is not! Create a domain 
and make every user log into the Domain if they want/need Internet/wan 
access! Then you can control them without the cost of hundreds of 
Thousands. That is the only sure way. Other than Nix, you can catch all the 
Win Os's. The user agreement when they connect the machine to the network 
allows you to do what is needed. Otherwise DHCP prevents them. Nix machines 
you will need to deal with on a case basis.

When they sign the user agreement, then they have to comply..

R/

Al


At 12:05 AM 4/1/2004 -0500, you wrote:

>Thanks, unfortunately this is going to be run in a university environment as
>such we do not have direct control/physical access to all the machines so I
>don't think this method would work (unless I'm misunderstanding what you're
>trying to tell me it is late after all :) )
>
>This is why we're looking for a tool that can attempt to login to the
>machine remotely using the c$ share for instance using a list of passwords,
>if it is successful it would reset the password and send the user a message
>to let them know we reset the password.
>
>The procedure I see in my head would be something along the lines of
>
>1) Connect to a machine, see if it has a NULL password or a weak password
>from a predefined list of bad passwords
>
>2) if it can login with the given passwords, it should reset the password to
>something better (random strings or predefined, I'm easy)
>
>3) after a successful password change send the machine a winpopup telling
>them the administrator password was insecure and has been changed for their
>protection, any questions can be directed to <insert email> and <insert
>phone>
>
>4) ideally list the IP:NetBIOS_NAME:OLD_PASS:NEW_PASS in a text file on the
>scanning machine.
>
>I'm probably going to end up spending the weekend learning VB to take care
>of it, but thought I'd throw the question open to see if I didn't have to
>re-invent the wheel.
>
>
>On 3/31/04 11:29 PM, "Al Reust" <areust at comcast.net> wrote:
>
> > Hello Daniel
> >
> > from a "Local Machine" you can use the "Net User" command
> > ie
> >   net user administrator 123456
> >
> > The problem is that you need to run this from a server and a share that is
> > accessible to every machine. Anyone that found the share would know the
> > Administrator Password. The safest deployment would be to have Scheduler
> > run a command file on the Server. That command file would be called from
> > the server not the local machine. So you attempt to make it "not" visible
> > (I have not tested this). The next part is capturing every machine name,
> > with 15,000 machines I presume that you would use the DHCP servers to see
> > who is logged in.
> >
> > The basics from the local machine are:
> >
> >   net user administrator 123456    ; 123456 is the desired password.
> >
> > Choosing the password that you desire. You can deploy the scheduler using
> > the AT command. The quick example (untested), no error checking. First you
> > create the list of the 15,000 machine names or active IP addresses. If they
> > are DHCP the computer name is of the higher priority!
> >
> > Basic idea:
> > echo off
> > REM schedule the update batch file on each machine named in machine-list
> > for /F %%i in (machine-list) do (
> >   AT \\%%i 12:00 /next:wednesday \\server\share\updateadministrator.bat
> >   echo %%i >> \\server\share\scheduledmachines.txt
> > )
> >
> > administrator.bat
> > echo off
> > net user administrator 123456
> > echo %computername% >> \\server\share$\complete.txt
> >
> > Better idea not tested:
> >
> > echo off
> > REM same loop, with the batch file kept on the hidden share$
> > for /F %%i in (machine-list) do (
> >   AT \\%%i 12:00 /next:wednesday \\server\share$\updateadministrator.bat
> >   echo %%i >> \\server\share\scheduledmachines.txt
> > )
> >
> > The administrator.bat:
> > echo off
> > net user administrator 123456
> > echo %computername% >> \\server\share$\complete.txt
> >
> > end example
> >
> > Because you stated 15,000 machines, break it into parts and schedule a group
> > for one day of the work week, with machine-list1 complete1.txt etc... Then
> > the time to remove complete machines. Yes it is time consuming but is
> > the only way other than making a floppy and executing each from every local
> > machine. Otherwise make them join the domain so that Group policy can do
> > the work for you and report.
> >
> > You should have 80% in the first week.
> >
> > Obviously this can be used to push other things as well..
> >
> > If you copy tools from the resource kit you can do other things like
> > registry entries and forced shutdown and reboot
> >
> > look at regini or shutdown from the resource kit.
> > example, this was used to copy a warning banner on login:
> >
> > REM startnt command file
> > md c:\temp
> >
> > REM copy the tools only if this machine has not been done already
> > if not exist c:\temp\done.txt (
> >   net use \\dc101\warning
> >   xcopy \\dc101\warning\regini.exe c:\winnt\system32\
> >   xcopy \\dc101\warning\reg2bat.exe c:\winnt\system32\
> >   xcopy \\dc101\warning\shutdown.exe c:\winnt\system32\
> >   xcopy \\dc101\warning\warning.ini c:\temp\
> >
> >   net logoff
> > ) else goto done
> >
> > :done
> >
> > for /F %i IN (servers.txt) do regini -m "%i" warning.ini
> > regini -m \\ "system name" warning.ini
> > echo >>  %i \\dc101\warning\done.txt
> > echo > done.txt      ;done.txt would say this machine has completed the
> > operation.
> >
> > end example.
> >
> > R/
> >
> > Al
> >
> > At 10:11 AM 3/31/2004 -0500, you wrote:
> >
> >> Hey guys,
> >>
> >> I was hoping some of you could point me in the right direction help me out,
> >> I need to find and reset poor local administrator passwords (even just
> >> resetting NULL passwords would be a great help!) on approx 15k active IP's
> >> that are not logged into the main Active Directory domain.
> >>
> >> Does anyone happen to have a tool/script that can do this? Or any ideas that
> >> may help me get through this evil task, my windows coding skills are
> >> non-existent.
> >>
> >>
> >> --
> >> Regard
> >> Daniel Hay
> >> Owner - eBoundary
> >> http://www.eboundary.com - Fast, reliable and secure hosting solutions.
> >
> > R/
> >
> > Al
> >
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or unsubscribe), see:
> > http://www.dshield.org/mailman/listinfo/list
> >
>
>--
>Regard
>Daniel Hay
>Owner - eBoundary
>http://www.eboundary.com - Fast, reliable and secure hosting solutions.
>

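The earlier reply in this thread warns that anyone who finds the share would know the Administrator password, because the batch file carries it as a literal `net user` argument. The following Python check is an added example, not part of the original thread: it scans batch-file text for `net user <account> <password>` lines with a literal password. The sample scripts other than `updateadministrator.bat`, and the password `Winter2004`, are constructed for illustration.

```python
import re

# "net user", "net.exe user" or "net1 user" at the start of a command line,
# with an optional leading "@" (echo suppression).
NET_USER = re.compile(r'^\s*@?\s*net1?(?:\.exe)?\s+user\b(.*)$', re.IGNORECASE)


def find_cleartext_passwords(script_name, text):
    """Return (script, line_no, account) for each literal password set via net user."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.lower().startswith(("rem ", "::")):
            continue  # commented-out command
        match = NET_USER.match(stripped)
        if not match:
            continue
        # Positional arguments are the tokens that are not /switches.
        positional = [t for t in match.group(1).split() if not t.startswith("/")]
        if len(positional) < 2:
            continue  # user listing, or switches only (/delete, /active:yes)
        account, password = positional[0], positional[1]
        if password == "*" or "%" in password:
            continue  # "*" prompts interactively; %var% is not a literal in the file
        # The password itself is deliberately left out of the finding.
        findings.append((script_name, line_no, account))
    return findings


# Constructed sample scripts; the first mirrors the batch file from the thread.
SAMPLES = {
    "updateadministrator.bat": (
        "echo off\n"
        "net user administrator 123456\n"
        "echo %computername% >> complete.txt\n"
    ),
    "prompted.bat": "@echo off\nREM net user administrator 123456\nnet user administrator *\n",
    "cleanup.bat": "net user tempadmin /delete\nNET.EXE USER helpdesk Winter2004 /add\n",
}


def scan(scripts):
    """Scan a {name: text} mapping and collect all findings in order."""
    results = []
    for name, text in scripts.items():
        results.extend(find_cleartext_passwords(name, text))
    return results


if __name__ == "__main__":
    for name, line_no, account in scan(SAMPLES):
        print(f"{name}:{line_no}: password for '{account}' is stored in clear text")
```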


