/// <summary> /// Test to see if two SecureStringHelpers have the same value inside them /// </summary> /// <param name="lh">SecureStringHelper1</param> /// <param name="rh">SecureStringHelper2</param> /// <returns>True if the internal value is the same, False if it is not</returns> public bool Equals(SecureStringHelper p) { if (Object.ReferenceEquals(p, null)) { return(false); } // Optimization for a common success case. if (Object.ReferenceEquals(this, p)) { return(true); } if (this.GetType() != p.GetType()) { return(false); } IntPtr bstr1 = IntPtr.Zero; IntPtr bstr2 = IntPtr.Zero; try { bstr1 = Marshal.SecureStringToBSTR(secureString); bstr2 = Marshal.SecureStringToBSTR(p.GetSecureString()); byte b1 = 1; byte b2 = 1; int i = 0; while (((char)b1) != '\0') { b1 = Marshal.ReadByte(bstr1, i); b2 = Marshal.ReadByte(bstr2, i); if (b1 != b2) { return(false); } i += 2; } return(true); } finally { if (bstr1 != IntPtr.Zero) { Marshal.ZeroFreeBSTR(bstr1); } if (bstr2 != IntPtr.Zero) { Marshal.ZeroFreeBSTR(bstr2); } } }
static void Main(string[] args) { // Default the username and domain to the current users. string username = Environment.UserName; string domain = Environment.UserDomainName; // Handle parsing the domain and username if it is passed as an argument. if (args.Length > 0) { if (args[0].Contains("\\")) { string[] parts = args[0].Split('\\'); if (!parts[0].Equals('.')) { domain = parts[0].Trim(); } username = parts[1].Trim(); } else { username = args[0]; } } // Setup to get info from user Console.WriteLine("[+] Smart Password Change Utility"); Console.WriteLine(" Changing password for user: {0}\\{1}", domain, username); int maxTries = 3; int tries = 0; while (tries < maxTries) { // Prompt for old password Console.Write(" Old Password: "******" New Password: "******" This password has been found {0:N0} times in data breaches.\r\n Please try another password.\r\n", count); newPassword1.Dispose(); goto prompt; } // Once we are good confirm the password Console.Write(" Confirm Password: "******" Passwords don't match. Try again!\r\n"); oldPassword.Dispose(); newPassword1.Dispose(); newPassword2.Dispose(); continue; } else { // Setup to change the password NET_API_STATUS result = (NET_API_STATUS)uint.MaxValue; IntPtr oldPassPtr = IntPtr.Zero; IntPtr newPassPtr = IntPtr.Zero; try { // Get pointers to unmanaged memory containing the passwords oldPassPtr = oldPassword.GetPointerToPasswordString(); newPassPtr = newPassword1.GetPointerToPasswordString(); // Change the password result = PasswordWrapper.NetUserChangePassword(domain, username, oldPassPtr, newPassPtr); } finally { // Cleanup the unmanaged memory if (oldPassPtr != IntPtr.Zero) { Marshal.ZeroFreeGlobalAllocUnicode(oldPassPtr); } if (newPassPtr != IntPtr.Zero) { Marshal.ZeroFreeGlobalAllocUnicode(newPassPtr); } oldPassword.Dispose(); newPassword1.Dispose(); newPassword2.Dispose(); } // Check the results of the password change. if (result == 0) { Console.WriteLine("[+] Password Changed! Please Log Out And Use New Password To Log In."); break; } Console.WriteLine("[-] Error: {0} [{1} tries remaining]", result, maxTries - tries - 1); tries++; } } }