Esempio n. 1
0
        /// <summary>
        /// Test to see if two SecureStringHelpers have the same value inside them
        /// </summary>
        /// <param name="lh">SecureStringHelper1</param>
        /// <param name="rh">SecureStringHelper2</param>
        /// <returns>True if the internal value is the same, False if it is not</returns>
        public bool Equals(SecureStringHelper p)
        {
            if (Object.ReferenceEquals(p, null))
            {
                return(false);
            }

            // Optimization for a common success case.
            if (Object.ReferenceEquals(this, p))
            {
                return(true);
            }

            if (this.GetType() != p.GetType())
            {
                return(false);
            }

            IntPtr bstr1 = IntPtr.Zero;
            IntPtr bstr2 = IntPtr.Zero;

            try
            {
                bstr1 = Marshal.SecureStringToBSTR(secureString);
                bstr2 = Marshal.SecureStringToBSTR(p.GetSecureString());
                byte b1 = 1;
                byte b2 = 1;
                int  i  = 0;
                while (((char)b1) != '\0')
                {
                    b1 = Marshal.ReadByte(bstr1, i);
                    b2 = Marshal.ReadByte(bstr2, i);
                    if (b1 != b2)
                    {
                        return(false);
                    }
                    i += 2;
                }
                return(true);
            }
            finally
            {
                if (bstr1 != IntPtr.Zero)
                {
                    Marshal.ZeroFreeBSTR(bstr1);
                }
                if (bstr2 != IntPtr.Zero)
                {
                    Marshal.ZeroFreeBSTR(bstr2);
                }
            }
        }
Esempio n. 2
0
        static void Main(string[] args)
        {
            // Default the username and domain to the current users.
            string username = Environment.UserName;
            string domain   = Environment.UserDomainName;

            // Handle parsing the domain and username if it is passed as an argument.
            if (args.Length > 0)
            {
                if (args[0].Contains("\\"))
                {
                    string[] parts = args[0].Split('\\');
                    if (!parts[0].Equals('.'))
                    {
                        domain = parts[0].Trim();
                    }
                    username = parts[1].Trim();
                }
                else
                {
                    username = args[0];
                }
            }

            // Setup to get info from user
            Console.WriteLine("[+] Smart Password Change Utility");
            Console.WriteLine("    Changing password for user: {0}\\{1}", domain, username);
            int maxTries = 3;
            int tries    = 0;

            while (tries < maxTries)
            {
                // Prompt for old password
                Console.Write("    Old Password: "******"    New Password: "******"    This password has been found {0:N0} times in data breaches.\r\n    Please try another password.\r\n", count);
                    newPassword1.Dispose();
                    goto prompt;
                }

                // Once we are good confirm the password
                Console.Write("    Confirm Password: "******"    Passwords don't match. Try again!\r\n");
                    oldPassword.Dispose();
                    newPassword1.Dispose();
                    newPassword2.Dispose();
                    continue;
                }
                else
                {
                    // Setup to change the password
                    NET_API_STATUS result     = (NET_API_STATUS)uint.MaxValue;
                    IntPtr         oldPassPtr = IntPtr.Zero;
                    IntPtr         newPassPtr = IntPtr.Zero;
                    try
                    {
                        // Get pointers to unmanaged memory containing the passwords
                        oldPassPtr = oldPassword.GetPointerToPasswordString();
                        newPassPtr = newPassword1.GetPointerToPasswordString();

                        // Change the password
                        result = PasswordWrapper.NetUserChangePassword(domain, username, oldPassPtr, newPassPtr);
                    }
                    finally
                    {
                        // Cleanup the unmanaged memory
                        if (oldPassPtr != IntPtr.Zero)
                        {
                            Marshal.ZeroFreeGlobalAllocUnicode(oldPassPtr);
                        }
                        if (newPassPtr != IntPtr.Zero)
                        {
                            Marshal.ZeroFreeGlobalAllocUnicode(newPassPtr);
                        }
                        oldPassword.Dispose();
                        newPassword1.Dispose();
                        newPassword2.Dispose();
                    }

                    // Check the results of the password change.
                    if (result == 0)
                    {
                        Console.WriteLine("[+] Password Changed! Please Log Out And Use New Password To Log In.");
                        break;
                    }

                    Console.WriteLine("[-] Error: {0} [{1} tries remaining]", result, maxTries - tries - 1);
                    tries++;
                }
            }
        }