Archive for category White Hat Hacking

How to programmatically change your Windows domain password using C# (.NET)

Posted by Brian Seekford in .NET Development, C#, White Hat Hacking on April 16, 2013

Ever wanted to write a program that would change your password for you? Why on earth would you want this? Well, imagine you have a password policy that requires you to change your password every X days. Well, maybe you like your password and think it dumb to have to keep changing it. Maybe you would forget your new password and resort to writing it down.

Ideally, you should come up with a good password to begin with, then changing it would not be really necessary. Unless of course you are under attack by the Chinese.

So, I wrote a program that changes the password in code. Moreover, it does it multiple times then the puts it back to the original. My problem solved. Here is the code for your education and amusement. Now that you know how to change your password, will you use this for purposes of good or evil? Try leaving the world a better place.

using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;
using System.Windows.Forms;

namespace KeepMyPassword
{
    public partial class fKeepMyPassword : Form
    {
        public fKeepMyPassword()
        {
            InitializeComponent();
        }

        private void cmdChangePassword_Click(object sender, EventArgs e)
        {
            txtCurrentPassword.Enabled = false;
            cmdChangePassword.Enabled = false;
            try
            {
                ChangePassword(txtCurrentPassword.Text);
            }
            catch (Exception ex)
            {
                MessageBox.Show("An error occurred:" + ex.Message);
            }

            txtCurrentPassword.Enabled = true;
            cmdChangePassword.Enabled = true;
        }

        private string currentPassword;
        private void ChangePassword(string p)
        {
            var currentUser = WindowsIdentity.GetCurrent().Name;
            currentPassword = p;
            try
            {
                using (var context = new PrincipalContext(ContextType.Domain))
                using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, currentUser))
                {
                    for (int ix = 0; ix < 10; ix++)
                    {
                        var newPassword = p + (char)(((int)'a') + ix);
                        user.ChangePassword(currentPassword, newPassword);
                        currentPassword = newPassword;
                    }
                    user.ChangePassword(currentPassword, p);
                    currentPassword = p;
                    MessageBox.Show("Password has been reset and back to original");
                }
                //set back to normal
            }
            catch (Exception ex)
            {
                MessageBox.Show("An error occurred:" + ex.Message + "\nYour password is now: " + currentPassword);
            }
        }
    }
}

Happy Coding!

 

KeepMyPassword <- you can download the compiled exe if you wish. Needs .NET 4.0 to run.

, , , , ,

No Comments

.NET Illuminator v1 Alpha Released to the wild

Posted by Brian Seekford in .NET Development, C#, SQL, White Hat Hacking on September 11, 2009

So….I finally decided to release my alpha version to all you hooligans who want to see whats under the hood of fellow .NET’ers applications. You can use .NET Illuminator to see all the UI objects in another .NET application and even manipulate them. Yes, pretend like you are in Visual Studios Form Designer and just start viewing and changing properties.

You can also view all connection strings the application has used to any SQL  servers.

I will post more when I add more.  Happy hacking!

Click here for .NET Illuminator Page

, , , , , , ,

No Comments

Let’s all jump into the pool..The SQL Connection pool that is..

Posted by Brian Seekford in .NET Development, C#, SQL, White Hat Hacking on August 25, 2009

I was out swimming in the data pool and I started thinking to myself, how many people are sharing the same pool without me even knowing they are there? How did I even get into the pool? And why is the water so cold?

Well, if you are using ADO.NET with SqlConnection , you are playing in the pool to. ADO.NET is a pretty smart animal. It realizes that if you are going to be connecting to a database a lot, then its probably a good idea to keep the connection to the database server open awhile. It does this behind the scenes, so when you create multiple data connections, it only really grabs one from the available pool of connections and uses those.

So….with that in mind, I started thinking about how I can tell what data connections an application has used and who is swimming in my pool. Coupling that with the brainstorming involved in .NET Illuminator, I came up with a very nice and simple piece of code that grabs all the connection strings from the Pool and throws them in rafts for you to see.

Why might this be handy for .NET Illuminator, well…Its always interesting to see what data connections an app has made and what the connection string is for them :)

Here is my simplistic example of using C# with .NET to walk the SQL pooled connections and return their connection strings.

         /// <summary>
        /// Loads all pooled connection strings.
        /// </summary>
        /// <returns></returns>
        public static List<string> LoadAllPooledConnectionStrings()
        {
            try
            {
                SqlConnection connection = new SqlConnection();

                FieldInfo connectionFactory = connection.GetType().GetField("_connectionFactory", BindingFlags.GetField | BindingFlags.NonPublic | BindingFlags.Static);

                object cFactory = connectionFactory.GetValue(connection);
                FieldInfo connectionPoolDictionary = connectionFactory.FieldType.GetField("_connectionPoolGroups", BindingFlags.GetField | BindingFlags.NonPublic | BindingFlags.Instance);

                object dictPools = connectionPoolDictionary.GetValue(cFactory);

                Type poolDictionaryType = dictPools.GetType();
                PropertyInfo pooledKeys = poolDictionaryType.GetProperty("Keys", BindingFlags.Public | BindingFlags.Instance);

                object keys = pooledKeys.GetValue(dictPools, null);

                List<string> allKeys = new List<string>();
                foreach (object key in (IEnumerable)keys)
                    allKeys.Add(key.ToString());
                return allKeys;
            }catch(Exception err)
            {
                throw err;
            }
        }

So…What did we learn? Just because you don’t see the pool….smell the chlorine…or even get wet, you open a data connection and you have jumped all the way in.. and left your stench behind in the water..

Happy swimming!

, , , , ,

No Comments

Do I need a shot because I am thinking of an Injection?

Posted by Brian Seekford in .NET Development, White Hat Hacking on August 24, 2009

I began thinking more and more about writing an application that is able to “illuminate” another .NET process. Basically, I want to be able to inject some code into another .NET application and then provide the ability to see all of the user controls and Forms loaded in the application as objects that can be manipulated.

I am working on creating the application that will shove itself in there and let you see every active control and Form and let you manipulate the properties of them all realtime. Make the button active. Show the hidden panel. Change the text on a label for your own amusement.

It should be ready in the next few days, so stay tuned for .NET Illuminator…

, , , ,

No Comments