[Dshield] Change windows local passwords remotely
areust at comcast.net
Wed Apr 21 03:53:03 GMT 2004
Hello Daniel et al...
My last posting was the basic script that works with Win3.x, Win 9.x and
upwards. At the end of your original question/comment I will post the basic
"script" that will "reset" every machine with a "NULL" password. It builds
on the basic "low level" script that I offered. Completed.txt will tell
which machines you were successful for and badmachines.txt will tell which
machines had a password other than a NULL. That is for you to sort. With
Johannes' permission anyone is welcome to build from the basic script. I
know that there are a lot of people that have never been there before. Once
again the caution: if you do not have explicit permission, you place
yourself at risk.
At 10:11 AM 3/31/2004 -0500, you wrote:
>I was hoping some of you could point me in the right direction help me out,
>I need to find and reset poor local administrator passwords (even just
>resetting NULL passwords would be a great help!) on approx 15k active IP's
>that are not logged into the main Active Directory domain.
>Does anyone happen to have a tool/script that can do this? Or any ideas that
>may help me get through this evil task, my windows coding skills are
This was tested as working.
REM Search through a known set of machines for Trojan Programs or
REM graphics or music or bad things that should not be there.
REM Or to run through a list of machines to perform useful functions.
REM This implies that you have a list of machines that you want to
REM run some operation against.
REM This script will function with about any OS that you have a
REM common Administrator Password for.
REM This is run at the lowest level!
REM you need to create (1) simple zero byte file named "oops"
REM Al Reust, version 1.0 April 16 2004
REM For /f %%i in (machine.txt) Do (net use z: \\%%i\c$ /u:\administrator
REM For /f %%i in (machine.txt) Do (net use z: \\%%i\c$
REM This checks for Machines with a NULL Password on the administrator account
For /f %%i in (machine.txt) Do (net use z: \\%%i\c$ /u:administrator ""
REM net use forcing a drive letter that can be connected to.
echo ------ >> completed.txt
date /t >> completed.txt
time /t >> completed.txt
echo %%i >> completed.txt
copy oops z:\winnt
REM echo %errorlevel% >> completed.txt ; to see what errorlevel is
REM Next check to see if the Net Use happened, if it failed I want to know.
REM This also useful for the "after the fact" sort/compare.
IF errorlevel 1 echo "\\%%i has a problem" >> badmachines.txt
REM This also tells you what machines did not have a NULL Password.
REM 1. I hate little files that collect that could confuse the issue.
REM Use One or the Other of the lines below.
REM If exist z:\winnt\oops del z:\winnt\oops
REM 2. If the Net Use was successful log it.
If exist z:\winnt\oops echo "\\%%i has been connected" >> completed.txt
REM This can allow you to run it against machines that are "on" or can be
REM Add what you want to happen here.. Between the Parenthesis
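If exist z:\winnt\oops (
cusrmgr -u administrator -m \\%%i -P Password
REM Log the change only when cusrmgr returned errorlevel 0.
IF not errorlevel 1 echo "\\%%i changed the Administrator Password" >> completed.txt
)
net use Z: /delete
REM Close the For block opened on the For /f line.
)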
I received a couple of private emails; a portion of what was pointed out was
that the world has grown beyond the simple batch file. I do have to admit
that is true (LOL), but to make more "betta" things work you have to ensure
it works across all platforms at the lowest common denominator. Then build
from there, thus the very simplistic script/batch file.
By changing the extension from ".bat" to ".cmd" you can then access other
system %variables% that can make life easier.
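
Added example, not part of the original post: a small Python pass over completed.txt and badmachines.txt for the "after the fact" sort, giving each attempted host one follow-up status. It assumes each completed.txt entry is the "------" separator, one date line, one time line and then the host name; the host names, sample logs and status labels are constructed for illustration.

```python
import re

# Constructed sample logs, laid out the way the script's echo lines write them.
COMPLETED = r'''------
Wed 04/21/2004
03:53 AM
LAB-PC01
"\\LAB-PC01 has been connected"
"\\LAB-PC01 changed the Administrator Password"
------
Wed 04/21/2004
03:54 AM
LAB-PC02
------
Wed 04/21/2004
03:55 AM
LAB-PC03
"\\LAB-PC03 has been connected"
'''
BADMACHINES = r'''"\\LAB-PC02 has a problem"
'''

# Quoted status lines: "\\HOST <event>" (quotes come from the echo command).
EVENT = re.compile(r'^"?\\\\(\S+) (has been connected|changed the Administrator'
                   r' Password|has a problem)"?$')

def parse_events(text):
    """Yield (HOST, event) for each status line; other lines are skipped."""
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            yield m.group(1).upper(), m.group(2)

def hosts_attempted(completed):
    """Hosts named on the third line after each '------' separator."""
    lines = [l.strip() for l in completed.splitlines()]
    return [lines[i + 3].upper() for i, l in enumerate(lines)
            if l == "------" and i + 3 < len(lines) and lines[i + 3]]

def summarise(completed, badmachines):
    """Map each attempted host to one follow-up status (labels are assumed)."""
    status = {h: "not-connected" for h in hosts_attempted(completed)}
    for host, event in parse_events(completed):
        if event == "has been connected":
            status[host] = "null-password-still-set"   # connected, no change logged
        elif event.startswith("changed"):
            status[host] = "password-changed"
    for host, _ in parse_events(badmachines):
        status.setdefault(host, "not-connected")
    return status
```

Hosts left in "null-password-still-set" accepted the empty Administrator password but have no logged change, so they are the ones to revisit first.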