Home / server / Questions / 67706
Accepted
TheCleaner
Asked: 2009-09-23 06:38:04 +0800 CST

Tool to test a user account and password (test login)

  • 772

Yeah, I can fire up a VM or remote into something and try the password...I know...but is there a tool or script that will simulate a login just enough to confirm or deny that the password is correct?

Scenario:

A server service account's password is "forgotten"...but we think we know what it is. I'd like to pass the credentials to something and have it kick back with "correct password" or "incorrect password".

I even thought about a drive mapping script with that user account and password being passed to see if it mapped the drive successfully or not but got lost in the logic of making it work correctly...something like:

-Script asks for username via msgbox -script asks for password via msgbox -script tries to map a drive to a common share that everyone has access to -script unmaps drive if successful -script returns popup msgbox stating "Correct Password" or else "Incorrect Password"

Any help is appreciated...you'd think this would be a rare occurrence not requiring a tool to support it but...well....

windows

9 Answers

  1. Best Answer
    runas /u:yourdomain\a_test_user notepad.exe

    The utility will prompt for the password, if the right password has been provided, notepad will launch, if not it will produce error 1326: the username or password is incorrect

    • 105

  2. Powershell script:

    #usage: Test-UserCredential -username UserNameToTest -password (Read-Host)

Function Test-UserCredential { 
    Param($username, $password) 
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement 
    $ct = [System.DirectoryServices.AccountManagement.ContextType]::Machine, $env:computername 
    $opt = [System.DirectoryServices.AccountManagement.ContextOptions]::SimpleBind 
    $pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ct 
    $Result = $pc.ValidateCredentials($username, $password).ToString() 
    $Result 
}

    http://powershellcommunity.org/Forums/tabid/54/aft/8034/Default.aspx

    • 12

  3. You can also use:

    net use \\computername\sharename [password] /USER:]username]

    If there's a share by that name on the remote computer. Or, use C$ if the account is an admin.

    • 5

  4. You can write an easy vbscript function which can verify this...something like:

    Function GoodPassword(strAdminUsername, strAdminPassword, strNTDomain)
    Const ADS_SECURE_AUTHENTICATION = 1

    On Error Resume Next
    Set objIADS = GetObject("WinNT:").OpenDSObject("WinNT://" & _
                        strNTDomain, strAdminUserame, _
                        strAdminPassword, _
                        ADS_SECURE_AUTHENTICATION)
    if err.number = 0 then
       GoodPassword = True
    Else
       GoodPassword = False
    End If
    On Error GoTO 0
End Function

    Sources:

    http://www.4guysfromrolla.com/webtech/061202-1.shtml

    http://hsdn.net/category_3.html

    • 1

  5. On Windows desktop you can use Active Directory Explorer by SysInternals / MS itself :

    https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer

    • 1

  6. You could use one of the many well known tools out there to test passwords. One I saw is L0phtcrack. Maybe there is even a way to do this offline with a dump of you authentication database. In "the other world", we use "john the ripper" for stuff like this.

    • 0

  7. Using code from above, check all domain accounts to see if they are using a certain password.

    $usernames = Get-ADUser -Filter * | select -ExpandProperty SamAccountName

foreach ($username in $usernames) {
$password = "Password"
Add-Type -AssemblyName System.DirectoryServices.AccountManagement 
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Machine, $env:computername 
$opt = [System.DirectoryServices.AccountManagement.ContextOptions]::SimpleBind 
$pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ct 
$Result = $pc.ValidateCredentials("domain\$username", $password).ToString() 
If ($Result -eq "True") {echo "$username" >> C:\result.txt}
}
    • 0

  8. Open PowerShell with admin privilege and input below commands:

    change value of your_password and your_username

    $PlainPassword="your_password"
$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText-Force
$UserName = "your_username"
$Credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $UserName,$SecurePassword
Start-Process whoami -Credential $Credentials

    By using this, we create a credential with username and password, and pass this credential to Start-Process.Because whoami doesn't open a program in background so we don't care about how to close it.

    If you are trying to test user passwords on PC-A from PC-B, you can do this with WinRM and Python.

    Turn on WinRM on PC-A, and pip install pywinrm on PC-B. Pass the previous command to winrm.Session().run_ps(), check the result's status_code, 0 is correct while 1 is false.

    Reference

    Start-Process documentation: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/start-process?view=powershell-6

    Create Credentials: http://duffney.io/AddCredentialsToPowerShellFunctions

    How to turn on WinRM: https://docs.microsoft.com/en-us/windows/win32/winrm/installation-and-configuration-for-windows-remote-management

    WinRM Quick Config: https://docs.microsoft.com/en-us/powershell/module/microsoft.wsman.management/set-wsmanquickconfig?view=powershell-6

    Basic WinRM configuration from Ansible: https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html

    • 0

  9. Why not use a network service with authentication (telnet, POP, IMAP, SMTP, what you want) ? Other side, if you are on the machine you can try su - userToTest from a non priv account. If the password is OK, you will be allowed in the userToTest homedir if the shell allow the connection

    • -1