/// <summary>
/// Test to see if two SecureStringHelpers have the same value inside them
/// </summary>
/// <param name="lh">SecureStringHelper1</param>
/// <param name="rh">SecureStringHelper2</param>
/// <returns>True if the internal value is the same, False if it is not</returns>
public bool Equals(SecureStringHelper p)
{
if (Object.ReferenceEquals(p, null))
{
return(false);
}
// Optimization for a common success case.
if (Object.ReferenceEquals(this, p))
{
return(true);
}
if (this.GetType() != p.GetType())
{
return(false);
}
IntPtr bstr1 = IntPtr.Zero;
IntPtr bstr2 = IntPtr.Zero;
try
{
bstr1 = Marshal.SecureStringToBSTR(secureString);
bstr2 = Marshal.SecureStringToBSTR(p.GetSecureString());
byte b1 = 1;
byte b2 = 1;
int i = 0;
while (((char)b1) != '\0')
{
b1 = Marshal.ReadByte(bstr1, i);
b2 = Marshal.ReadByte(bstr2, i);
if (b1 != b2)
{
return(false);
}
i += 2;
}
return(true);
}
finally
{
if (bstr1 != IntPtr.Zero)
{
Marshal.ZeroFreeBSTR(bstr1);
}
if (bstr2 != IntPtr.Zero)
{
Marshal.ZeroFreeBSTR(bstr2);
}
}
}
static void Main(string[] args)
{
// Default the username and domain to the current users.
string username = Environment.UserName;
string domain = Environment.UserDomainName;
// Handle parsing the domain and username if it is passed as an argument.
if (args.Length > 0)
{
if (args[0].Contains("\\"))
{
string[] parts = args[0].Split('\\');
if (!parts[0].Equals('.'))
{
domain = parts[0].Trim();
}
username = parts[1].Trim();
}
else
{
username = args[0];
}
}
// Setup to get info from user
Console.WriteLine("[+] Smart Password Change Utility");
Console.WriteLine(" Changing password for user: {0}\\{1}", domain, username);
int maxTries = 3;
int tries = 0;
while (tries < maxTries)
{
// Prompt for old password
Console.Write(" Old Password: "******" New Password: "******" This password has been found {0:N0} times in data breaches.\r\n Please try another password.\r\n", count);
newPassword1.Dispose();
goto prompt;
}
// Once we are good confirm the password
Console.Write(" Confirm Password: "******" Passwords don't match. Try again!\r\n");
oldPassword.Dispose();
newPassword1.Dispose();
newPassword2.Dispose();
continue;
}
else
{
// Setup to change the password
NET_API_STATUS result = (NET_API_STATUS)uint.MaxValue;
IntPtr oldPassPtr = IntPtr.Zero;
IntPtr newPassPtr = IntPtr.Zero;
try
{
// Get pointers to unmanaged memory containing the passwords
oldPassPtr = oldPassword.GetPointerToPasswordString();
newPassPtr = newPassword1.GetPointerToPasswordString();
// Change the password
result = PasswordWrapper.NetUserChangePassword(domain, username, oldPassPtr, newPassPtr);
}
finally
{
// Cleanup the unmanaged memory
if (oldPassPtr != IntPtr.Zero)
{
Marshal.ZeroFreeGlobalAllocUnicode(oldPassPtr);
}
if (newPassPtr != IntPtr.Zero)
{
Marshal.ZeroFreeGlobalAllocUnicode(newPassPtr);
}
oldPassword.Dispose();
newPassword1.Dispose();
newPassword2.Dispose();
}
// Check the results of the password change.
if (result == 0)
{
Console.WriteLine("[+] Password Changed! Please Log Out And Use New Password To Log In.");
break;
}
Console.WriteLine("[-] Error: {0} [{1} tries remaining]", result, maxTries - tries - 1);
tries++;
}
}
}
