Wrote this one up just to see if I could. Thought it might make for a good post exploit drop in case you wanted to monitor which users changed their passwords, maybe have it trigger a fresh dump of the domain hashes and mail them to you or post them somewhere. Whatever.
Spits out some errors about user names not found sometimes but it seems to get the job done.
-=The Script=-
@echo off
Echo +Getting User List
for /f "tokens=1,2,3 skip=6" %%a in ('net user /domain') do echo %%a >> C:\people.txt && echo %%b >> C:\people.txt && echo %%c >> C:\people.txt
Echo +Cleaning User List
for /f "tokens=*" %%d in (C:\people.txt) do if not "%%d" == "ECHO is on." if not "%%d" == "ECHO is off." if not "%%d" == "The " if not "%%d" == "command " if not "%%d" == "completed " echo %%d >> C:\cleanpeople.txt
del /f /q C:\people.txt
Echo +Setting Time Variables
if 0 == %date:~4,1% set mn=%date:~5,1%
if not 0 == %date:~4,1% set mn=%date:~4,2%
if 0 == %date:~7,1% set dy=%date:~8,1%
if not 0 == %date:~7,1% set dy=%date:~7,2%
set now=%mn%/%dy%/%date:~10,4%
Echo +Finding Active Accounts
for /f %%g in (C:\cleanpeople.txt) do for /f "tokens=3" %%h in ('net user %%g /domain ^| find /i "Account Active"') do if %%h == Yes echo %%g >> C:\activecleanpeople.txt
del /f /q C:\cleanpeople.txt
cls
Echo +Finding Users Who Changed Their Passords Today
for /f %%e in (C:\activecleanpeople.txt) do for /f "tokens=4" %%f in ('net user %%e /domain ^| find /i "Password last set"') do if %%f == %now% echo %%e changed their password today
del /f /q C:\activecleanpeople.txt
Echo Finished.
pause > nul
No comments:
Post a Comment
All comments moderated.
Comments like "sweet dude" or "this is awesome" or "thanks" will be denied,
if you've got something genuinely interesting to say, say it. Other than that just sit back and bask in the glory.