[Dshield] Change windows local passwords remotely

Al Reust areust at comcast.net
Tue Apr 20 03:52:49 GMT 2004

Hello All

Back to basics! Back in the "Olden Days" a lot of things were run from 
"Batch Files"; there were things that you wished were there and things that 
you could do. A network ran from hundreds of batch files... This topic 
stirred a bit of nostalgia. I decided that I could share a bit of 
information that you can build from...

I had reason to go write a script that needed to check a "lot" of machines; 
some were domain members and some were not. So after capturing the list of 
machines (machines.txt) I built a newer basic front end for what I needed to 
find. It needed to report that a machine is not turned on (which is a bit 
tougher)... but it is included in the script. You are welcome to abuse it 
as you see fit. If you find interesting things that you can build with the 
script, you should share it with the group (or at least me)... Yes this can 
be used to change administrator passwords, set AT jobs etc... it has many 
uses for a start of multiple machines...

The basic purpose was to connect to up to 10,000~ workstations and a couple 
hundred servers and test for something. Report what it found and what 
machines could not be contacted.

<Highlight below the Dotted Line>
REM Search.bat
REM Search through a known set of machines for Trojan Programs or
REM graphics or music or bad things that should not be there.
REM Or to run through a list of machines to perform other useful functions.
REM This implies that you have a list of machines that you want to
REM perform some operation against.
REM This script will function with about any OS that you have a
REM common Administrator Password for.
REM This is run at the lowest level!
REM you need to create (1) simple zero byte file named "oops"
REM Al Reust, version 1.0 April 12 2004

REM For /f %%i in (machine.txt) Do (net use z: \\%%i\c$ /u:\administrator
REM For /f %%i in (machine.txt) Do (net use z: \\%%i\c$ /u:domain\administrator password

For /f %%i in (machine.txt) Do (net use z: \\%%i\c$ /u:\administrator Password
REM	net use forcing a drive letter that can be connected to.
	echo ------ >> completed.txt
	date /t >> completed.txt
	time /t >> completed.txt
	echo %%i >> completed.txt
	copy oops z:\winnt
REM	echo %errorlevel% >> completed.txt ; to see what errorlevel is being 
REM	Next check to see if the Net Use happened, if it failed I want to know.
REM	This also useful for the "after the fact" sort/compare.
	IF errorlevel 1 echo "\\%%i has a problem" >> badmachines.txt

REM 1. I hate little files that collect that could confuse the issue.
REM or if I want to reuse the same semaphore, need to remove it.
REM	Use One or the Other of the lines below.
If exist z:\winnt\oops del z:\winnt\oops

REM 2. If the Net Use was successful log it.
REM If exist z:\winnt\oops echo "\\%%i has been completed" >> completed.txt

REM This can allow you to run it against machines that are "on" or can be 
REM Add what you want to happen here.. Between the Parenthesis

REM 3 . If exist z:\\winnt\oops ( do some silly command or group of commands
REM 	)

net use Z: /delete
REM The parenthesis below closes the For ... Do ( block opened above.
)

REM pause ; this can be helpful in troubleshooting why it don't work.....
<End Highlight here>

So if you create a batch file called search.bat and run it along with the 
file "oops" (which you need to create, such as right click on the folder 
where you saved "search.bat" and create a new text document called "oops") 
it will work just fine. It is very low level/brute force with basic error 
checking for what it does... You have to "obtain" your own list of machine 
names, if you really need the idea on how. Type net view at the cmd prompt 
and pipe it to a file (you have to get rid of the whack whacks) or try the 
"netdom" command for domain level lists... There are other ways also.

There are several things in the script that are "remarked" (REM) out that 
are also useful, but then you have to read... There are other things that 
can be done at a higher level, if you are dealing with Win9x and NT and 2K 
and XP this should work for all.

No it is not WSH, WSH (with WMI), VBScripts or other things...

Obviously if you want to play with this then make a master copy...
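
The "after the fact" sort/compare mentioned in the script comments, as an added example (Python, not part of the original post): it reads machine.txt, completed.txt and badmachines.txt in the layout Search.bat writes them and sorts each machine into ok, failed or not attempted. The function names and the sample data are assumptions made for the illustration.

```python
import re

# Line written by: IF errorlevel 1 echo "\\%%i has a problem" >> badmachines.txt
# (echo keeps the quotes, so they are part of the line).
BAD_LINE = re.compile(r'^"?\\\\(\S+) has a problem"?$')

def parse_completed(text):
    """Return [(host, date, time)] for each '------' record in completed.txt."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records = []
    for i, ln in enumerate(lines):
        # A record is the separator followed by date /t, time /t and the host.
        if ln == "------" and i + 3 < len(lines):
            date, time, host = lines[i + 1:i + 4]
            records.append((host.upper(), date, time))
    return records

def parse_bad(text):
    """Return the set of hosts named in badmachines.txt."""
    found = (BAD_LINE.match(ln.strip()) for ln in text.splitlines())
    return {m.group(1).upper() for m in found if m}

def reconcile(machine_text, completed_text, bad_text):
    """Sort every host in the machine list into ok / failed / not_attempted."""
    wanted = [h.strip().upper() for h in machine_text.splitlines() if h.strip()]
    attempted = {host for host, _, _ in parse_completed(completed_text)}
    bad = parse_bad(bad_text)
    return {
        "ok": [h for h in wanted if h in attempted and h not in bad],
        "failed": [h for h in wanted if h in bad],
        "not_attempted": [h for h in wanted if h not in attempted and h not in bad],
    }

# Constructed sample data (host names, dates and times are made up).
MACHINES = "WS001\nWS002\nSRV01\nWS003\n"
COMPLETED = (
    "------ \nTue 04/20/2004 \n03:52 AM\nWS001 \n"
    "------ \nTue 04/20/2004 \n03:53 AM\nWS002 \n"
    "------ \nTue 04/20/2004 \n03:55 AM\nSRV01 \n"
)
BAD = '"\\\\WS002 has a problem" \n'

if __name__ == "__main__":
    for bucket, hosts in reconcile(MACHINES, COMPLETED, BAD).items():
        print(bucket, ", ".join(hosts) or "-")
```

Because the script tests the errorlevel after the copy of "oops", a machine in the failed bucket is one where that copy did not succeed, whatever the underlying cause.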


