[Dshield] Change windows local passwords remotely

Al Reust areust at comcast.net
Wed Apr 21 03:53:03 GMT 2004

Hello Daniel et al...

My last posting was the basic script that works with Win3.x, Win 9.x and 
upwards. At the end of your original question/comment I will post the basic 
"script" that will "reset" every machine with a "NULL" password. It builds 
on the basic "low level" script that I offered. Completed.txt will tell 
which machines you were successful for and badmachines.txt will tell which 
machines had a password other than a NULL. That is for you to sort. With 
Johannes permission anyone is welcome to build from the basic script. I 
know that there are a lot of people that have never been there before. Once 
again the Caution, if you do not have explicit permission. You place 
yourself at risk

At 10:11 AM 3/31/2004 -0500, you wrote:

>Hey guys,
>I was hoping some of you could point me in the right direction help me out,
>I need to find and reset poor local administrator passwords (even just
>resetting NULL passwords would be a great help!) on approx 15k active IP's
>that are not logged into the main Active Directory domain.
>Does anyone happen to have a tool/script that can do this? Or any ideas that
>may help me get through this evil task, my windows coding skills are

This was tested as working.

<Start Search.bat>
REM Search.bat
REM Search through a known set of machines for Trojan Programs or
REM graphics or music or bad things that should not be there.
REM Or to run through a list of machine to preform useful functions.
REM This implies that you have a list of machines that you want to
REM some operation against.
REM This script will function with about any OS that you have a
REM common Administrator Password for.
REM This is ran at the lowest level!
REM you need to create (1) simple zero byte file named "oops"
REM Al Reust, version 1.0 April 16 2004

REM For /f %%i in (machine.txt) Do (net use z: \\%%i\c$ /u:\administrator 
REM For /f %%i in (machine.txt) Do (net use z: \\%%i\c$ 
/u:domain\administrator password

REM  This checks for Machines with a NULL Password on the administrator account
For /f %%i in (machine.txt) Do (net use z: \\%%i\c$ /u:administrator ""
REM     net use forcing a drive letter that can be connected to.
         echo ------ >> completed.txt
         date /t >> completed.txt
         time /t >> completed.txt
         echo %%i >> completed.txt
         copy oops z:\winnt
REM     echo %errorlevel% >> completed.txt ; to see what errorlevel is 
being presented
REM     Next check to see if the Net Use happened, if it failed I want to know.
REM     This also useful for the "after the fact" sort/compare.
         IF errorlevel = 1 echo "\\%%i has a problem" >> badmachines.txt
REM   This also tells you what machines did not have a NULL Password.

REM 1. I hate little files that collect that could confuse the issue.
REM     Use One or the Other of the lines below.
REM If exist z:\winnt\oops del z:\winnt\oops

REM 2. If the Net Use was successful log it.
If exist z:\winnt\oops echo "\\%%i has been connected" >> completed.txt

REM This can allow you to run it against machines that are "on" or can be 
REM Add what you want to happen here.. Between the Parenthesis

If exist z:\\winnt\oops (
         cusrmgr -u administrator -m \\%%i -P Password
         IF errorlevel = 0 echo "\\%%i changed the Administrator 
Password" >> completed.txt

net use Z: /delete
REM pause

<End Search.bat>

I received a couple of private emails, a portion of what was pointed out 
that the world has grown beyond the simple batch file. I do have to admit 
that is true (LOL), but to make more "betta" things work you have to insure 
it works across all platforms at the lowest common denominator. Then build 
from there, thus the very simplistic script/batch file.

By changing the extension from ".bat" to ".cmd" you can then access other 
system %variables% that can make life easier.

More information about the list mailing list