Created
October 25, 2011 02:54
Script which may be run when your domain policy forces you to reset your password. Uses smbclient to repeatedly change your Active Directory password until it is allowed to set it back to your original password again.
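#!/usr/bin/perl
use warnings;
use strict;
use Getopt::Long;
use IO::Handle;
use IPC::Open3;
use Term::ReadKey;
use vars '$chpw_msg';

# Cycles an Active Directory password through numbered temporary values
# ("<pass>-temp1", "<pass>-temp2", ...) by calling chpw(), and stops as soon
# as the domain accepts the original password again.
#
# NOTE(review): this only completes on a domain that allows back-to-back
# password changes.  A non-zero "minimum password age" in the domain password
# policy should make the second change fail, in which case the script exits
# with the account left on "<pass>-temp1".  Each accepted change is also an
# account-management event on the domain controller (Windows Security event
# 4723 when that auditing is enabled), so a burst of changes for one account
# is visible to whoever reviews those logs.

my $usage = <<END;
$0 --server=<server> --user=<user> [--pass=<pass>]
Description:
Resets your AD password a number of times to evade the AD password
reuse restriction, and end up back at your original password with
the forced-reset timer appeased.
Options:
--help display this message
--server server or Active Directory domain controller on which to change password
-s alias for --server
--user Active Directory username to operate on
-u alias for --user
--pass current password for AD user
(if not supplied on command-line, this will
be interactively prompted for)
-p alias for --pass
END

my $opt = {};

# GetOptions returns false when it met an unknown or malformed option; treat
# that as an invalid invocation instead of carrying on with partial settings.
my $parsed_ok = GetOptions($opt, 'server|s:s', 'user|u:s', 'pass|p:s', 'help|h|?');
if ($opt->{'help'}) {
    print $usage;
    exit 1;
}
elsif (not($parsed_ok and $opt->{'server'} and $opt->{'user'})) {
    warn "Invalid options.\n$usage";
    exit 2;
}

# A password given with --pass is part of this process's argument list, so it
# can be read from the local process table and usually ends up in shell
# history.  The interactive prompt below avoids both.
if (not $opt->{'pass'}) {
    # Put the terminal back into its normal mode if the user aborts at the
    # prompt; otherwise the shell is left with echo switched off.
    my $restore_and_quit = sub { ReadMode 0; print "\n"; exit 130; };
    local $SIG{INT}  = $restore_and_quit;
    local $SIG{TERM} = $restore_and_quit;

    print "Password: ";
    ReadMode 2;    # no echo while the password is typed
    my $typed = <STDIN>;
    print "\n";
    ReadMode 0;

    # <STDIN> yields undef on end-of-file (e.g. Ctrl-D or a closed stdin).
    chomp $typed if defined $typed;
    if (not(defined $typed and length $typed)) {
        warn "No password was entered.\n";
        exit 2;
    }
    $opt->{'pass'} = $typed;
    print "Using user-input password.\n";
}

my ($server, $user, $original) = @{$opt}{'server', 'user', 'pass'};
my $i       = 1;
my $current = $original . "-temp$i";    # password the account holds right now

# initial change (also serves to verify that settings are correct)
if (chpw($server, $user, $original, $current)) {
    warn "Initial smbpasswd call failed.\n";
    warn "Your password remains unchanged.\n";
    warn "smbpasswd output was:\n$chpw_msg";
    exit 3;
}
print "Your password is now: <pass>-temp$i\n";

while (1) {
    # see if we can set the password back to your original yet
    # (chpw returns 0 on success, so a false value ends the loop)
    last if not chpw($server, $user, $current, $original);

    # guess not - we need to use another dummy password...
    my $next = $original . '-temp' . ($i + 1);
    if (chpw($server, $user, $current, $next)) {
        # $i and $current are only advanced after a successful change, so
        # the number reported here is the password the account still has.
        warn "An smbpasswd call failed.\n";
        warn "Your password is currently: <pass>-temp$i\n";
        warn "smbpasswd output was:\n$chpw_msg";
        exit 3;
    }
    $i++;
    $current = $next;
    print "Your password is now: <pass>-temp$i\n";
}

print "Your password is now back to normal and the change date has been reset.\n";
exit 0;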
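# Change the password of user $u on server $s from $o to $n by running
# `smbpasswd -r $s -U $u -s`.  With -s, smbpasswd takes the old password and
# the new password (twice) from standard input, so neither password is placed
# in the child's argument list.
#
# Everything the child prints is stored in the package variable $chpw_msg.
# Returns 0 when smbpasswd exited successfully and a non-zero value otherwise.
sub chpw {
    my ($s, $u, $o, $n) = @_;

    # $p2 is passed in undefined; IPC::Open3 then routes the child's stderr
    # to the same handle as its stdout ($p1) and leaves $p2 unset.
    my $sp = open3(my ($p0, $p1, $p2), 'smbpasswd', '-r', $s, '-U', $u, '-s');
    $p0->autoflush(1);

    {
        # If smbpasswd exits before reading its input, writing to the pipe
        # raises SIGPIPE, which would kill this script in the middle of a
        # password cycle.  Ignore it here and rely on the exit status instead.
        local $SIG{PIPE} = 'IGNORE';
        print $p0 "$o\n$n\n$n\n";

        # Signal end-of-input so the child cannot sit waiting for more.
        close $p0;
    }

    $chpw_msg = join('', <$p1>, ($p2 ? <$p2> : ()));
    waitpid $sp, 0;

    # $? holds the exit code in its high byte and the terminating signal in
    # the low 7 bits.  Returning only ($? >> 8) would report a child killed
    # by a signal as success (0), and the caller would then announce a
    # password change that never happened.
    my $status = $?;
    my $signal = $status & 127;
    return $signal ? 128 + $signal : $status >> 8;
}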