Member Avatar for BCBTP

I am not really good at HTML, (I assume this is HTML, at least, I do C++ mainly).
I found this thing called "passwordreset.htm" and I got a little curious(this is on a school computer). I decided to open it, and I found something that looks like a password reset tool. I tried to reset my own, but it gave me error in line (I forget), continue to run script and Yes or No appeared. I opened in notepad and sent to my email to look at the source later. Here it is

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="description" content="Created by NAMES CENSORED BY POSTER">
<meta name="description" content="Version Number: Beta2">
<meta name="description" content="Last Update: 11/28/06">
<title>ADUC Password Utility</title>
<script language="vbscript">
'This Sub controls various settings when the HTA is launched.
Sub window_OnLoad()
'On Error Resume Next
 'Set window size
 self.ResizeTo 675,525
 BaseUserInfo.innerhtml = "<center><br>User account information will display in this area once searched<br></center>"
End Sub
'This Sub contains the code behind the userid search button
Sub useridsearch
'Define Constant and declare variables
Const ADS_UF_ACCOUNTDISABLE = &H02
Const ADS_UF_PASSWD_CANT_CHANGE = &H40
Const ADS_UF_LOCKOUT = &H10
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const SEC_IN_DAY = 86400
acctdisable = "Enabled"
acctlocked = "Not Locked"
strPasswordSet = ""
' Use ADO to search Active Directory.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & struserid.value & "))"
strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
  & ";sAMAccountName, distinguishedName, UserAccountControl, CN, l, mail, Department, telephoneNumber, Title, employeeid;subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 750
objCommand.Properties("Timeout") = 60
objCommand.Properties("Cache Results") = False
' Enumerate all users. Check if accounts disabled.
Set objRecordset = objCommand.execute
x = 0
Do Until objRecordset.EOF
 'if user is found, set strusrpath to full DN name
 intFlag = objRecordSet.Fields("userAccountControl")
 lngFlag = objRecordSet.Fields("userAccountControl")
 strusrpath = objrecordset.fields("distinguishedName")
 Txt_userdn = strusrpath
 Txt_userid = objRecordSet.Fields("SamAccountName")
 Txt_userempid = objRecordSet.fields("employeeid")
 Txt_usercn = objRecordSet.fields("cn")
 Txt_userAC = objRecordSet.fields("UserAccountControl")
 Txt_userDept = objRecordSet.fields("Department")
 Txt_userTitle = objRecordSet.fields("Title")
 Txt_userCity = objRecordSet.fields("l")
 Txt_userEMail = objRecordSet.fields("mail")
 Txt_userPhone = objRecordSet.fields("telephoneNumber")
 strPasswordset = "<hr><font color=""#fcff00""><b>Reset User Password:</b></font> <input type=""password"" name=""password""> <input id=passreset button"" type=""button"" value=""Change Password"" name=""changepass""  onClick=""ChangePassword"">"
 If (intFlag And ADS_UF_ACCOUNTDISABLE) <> 0 Then
  acctdisable = "Disabled"
 End If
 Set objUser = GetObject("LDAP://" & strusrpath & "")
 intUAC = objUser.Get("UserAccountControl")
 If objUser.IsAccountLocked = True Then
  strPasswordset = strPasswordset & " <input id=unlockbutton"" type=""button"" value=""Unlock Account"" name=""accunlock"" onclick=""UnlockAccount"">"
  acctlocked = "Locked"
 End If
 If intFlag And ADS_UF_DONT_EXPIRE_PASSWD Then
  Txt_pwdexpire = "The password <font color=""#fcff00""><b>does not</b></font> expire<br><center></center>"
 Else
  dtmValue = objUser.PasswordLastChanged 
  intTimeInterval = int(Now - dtmValue)
  'modify domain name in next line
  Set objDomainNT = GetObject("WinNT://gppsd.ab.ca")
  ntMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
  intMaxPwdAge = (ntMaxPwdAge/SEC_IN_DAY)
  If intTimeInterval >= intMaxPwdAge Then
        Txt_pwdexpire = "Password <font color=""#fcff00""><b>has</b></font> expired<br><center></center>"
     Else
        Txt_pwdexpire = "Password will expire in <font color=""#fcff00""><b>" & int((dtmValue + intMaxPwdAge) - now) & "</b></font> days<br><center></center>"
     End If
    End If
    strBaseUserInfo = "<table border=1 cellspacing=""0"" width=""100%"">" & _
     "<tr><td bgcolor=""#5a2378""><b>Username</b></td><td bgcolor=""#5a2378""><b>Full Name</b></td></tr>" & _
     "<tr><td>" & Txt_userid & "</td><td>" & Txt_usercn & "</td></tr></table>"
   
    strAddUserInfo = "<table border=1 cellspacing=""0"" width=""100%"">" & _
     "<tr><td bgcolor=""#5a2378""><b><center>Additional Information</center></b></td></tr>" & _
     "<tr><td><i>Title:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userTitle & _ 
      "<br><i>Department:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userDept & _
      "<br><i>City:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userCity & _
      "<br><i>Telephone:&nbsp;&nbsp;&nbsp;&nbsp;</i>" & Txt_userPhone  & _
      "<br><i>E-Mail:&nbsp;&nbsp;&nbsp;&nbsp;</i>"& Txt_userEMail & _
      "</td></tr></table>"
   
    strAccUserStatus = "<table border=1 cellspacing=""0"" width=""100%"">" & _
     "<tr><td bgcolor=""#5a2378""><b><center>Account Status</center></b></td></tr>" & _
     "<tr><td><i>This account is:&nbsp;</i><font color=""#fcff00""><b>" & acctdisable & "</b></font>" & _
      "<br><i>This account is:&nbsp;</i><font color=""#fcff00""><b>" & acctlocked & "</b></font>" & _
      "<br><i>" & Txt_pwdexpire & "</i>" & _
      "</td></tr></table>" 
    x=x+1
 objRecordset.MoveNext
Loop
If x = 0 Then
    strBaseUserInfo = "<br><center><font size=5>The requested username<br><font size=7 color=""#fcff00"">" & struserid.value & "</font><br>is not found in Active Directory</font></center>"
Else
End If
BaseUserInfo.innerhtml = strBaseUserInfo
AddUserInfo.innerhtml = strAddUserInfo
AccUserStatus.innerhtml = strAccUserStatus
AdditionalOptions.innerhtml = strpasswordset
End Sub
Sub LastSearch
AddUserInfo.innerhtml = ""
AccUserStatus.innerhtml = ""
AdditionalOptions.innerhtml = ""
acctdisable = "Enabled"
acctlocked = "Not Locked"
' Use ADO to search Active Directory.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
strFilter = "(&(objectCategory=person)(objectClass=user)(sn=" & struserid.value & "))"
strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
  & ";sAMAccountName,distinguishedname,userAccountControl,cn"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 750
objCommand.Properties("Timeout") = 60
objCommand.Properties("Cache Results") = False
' Enumerate all users. Check if account's disabled.
Set objRecordset = objCommand.execute
x = 0
strBaseUserInfo = "<table border=1 cellspacing=""0"" width=""100%"">" & _
   "<tr><td width=""40%"" bgcolor=""#5a2378""><b>Full Name</b></td><td width=""40%"" bgcolor=""#5a2378""><b>Username</b></td><td width=""20%"" bgcolor=""#5a2378""><b>Search User</b></td></tr>"
Do Until objRecordset.EOF
 Txt_userid = objRecordSet.Fields("SamAccountName")
 Txt_fullname = objRecordset.Fields("cn")
 strBaseUserInfo = strBaseUserInfo & "<tr><td>" & Txt_fullname & "</td><td>" & Txt_userid & "</td><td> <input id=""changeid"" type=""button"" value=""Search Username"" name=""useridmod""  onClick= ""GetUser('" & Txt_userid & "')""> </td></tr>"
 x=x+1
 objRecordset.MoveNext
Loop
If x = 0 Then
    strBaseUserinfo = "<br><center>The last name entered is not found in Active Directory.</center>"
End If
strBaseUserInfo = strBaseUserInfo & "</table>"
BaseUserInfo.innerhtml = strBaseUserInfo
End Sub
Sub ChangePassword
'Connect to Active directory And check user to be cloned exists
'must enter strUserid = username
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objcommand.commandtext = _
 "<LDAP://DC=gppsd,DC=ab,DC=ca>;" & _
  "(&(objectCategory=person)(objectClass=user)" & _
            "(sAMAccountName=" & struserid.value &"));" & _
                "sAMAccountName, distinguishedName;subtree"
Set objRecordSet = objCommand.Execute
If objRecordSet.RecordCount = 0 Then
    strHTML = "The username " & struserid.value &" is not found in Active Directory.  Press OK to exit"
    'WScript.quit
Else
    While Not objRecordset.EOF
     userdn = objRecordSet.fields("distinguishedname")
  Set objUser = GetObject("LDAP://" & userdn & "")
  objUser.SetPassword password.value
  objUser.SetInfo
  On Error Resume Next
  If Err.Number <> 0 Then
   MsgBox(Err.Number & " " & Err.Description)
  Else
   MsgBox("Password Changed Successfully")
  End If        
        objRecordset.MoveNext
    Wend
End If
End Sub
Sub UnlockAccount
'Connect to Active directory And check user to be cloned exists
'must enter strUserid = username
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objcommand.commandtext = _
 "<LDAP://DC=gppsd,DC=ab,DC=ca>;" & _
  "(&(objectCategory=person)(objectClass=user)" & _
            "(sAMAccountName=" & struserid.value &"));" & _
                "sAMAccountName, distinguishedName;subtree"
Set objRecordSet = objCommand.Execute
If objRecordSet.RecordCount = 0 Then
    strHTML = "The username " & struserid.value &" is not found in Active Directory.  Press OK to exit"
    'WScript.quit
Else
    While Not objRecordset.EOF
     userdn = objRecordSet.fields("distinguishedname")
  Set objUser = GetObject("LDAP://" & userdn & "")
  objUser.IsAccountLocked = False
  objUser.SetInfo
  On Error Resume Next
  If Err.Number <> 0 Then
   MsgBox(Err.Number & " " & Err.Description)
  Else
   MsgBox("Account Unlocked")
  End If        
        objRecordset.MoveNext
    Wend
End If
End Sub
Function GetUser(strID)
Struserid.Value = strID
Call useridsearch
End Function
</script>
<hta:application
 applicationname="ADUCUserGrab" 
 border="thin"
 borderstyle="normal"
 caption="ADUC User Password Utility"
 contextmenu="yes"
 maximizebutton="no"
 minimizebutton="yes"
 navigable="yes"
 scroll="yes"
 selection="yes"
 showintaskbar="yes"
 singleinstance="yes"
 sysmenu="yes"
 version="1.0"
 windowstate="normal"
>
</head>
<body topmargin="1" leftmargin="0" rightmargin="0" bottommargin="1" bgcolor="#074075" text="#FFFFFF">
<table border="0" width="640" cellspacing="0" cellpadding="0">
 <tr>
  <td align="center" valign="top" height="110" bgcolor="#074075">
   <i>Enter the <u>username</u> or <u>last name</u> below and click appropriate search.</i><br>
   <input type="text" name="StrUserid" size="20">
   <input id=idsearchbutton  class="button" type="button" value="Search On Username" name="userid"  onClick="useridsearch">
   <input id=lastsearchbutton  class="button" type="button" value="Search On Last Name" name="lastname"  onClick="LastSearch">
  </td>
 </tr>
 <tr>
  <td valign="top" height="300" bgcolor="#1d5087">
   <Div id="BaseUserInfo"></Div>
   <br>
   <table border="0" width="100%" cellspacing="1" cellpadding="0">
    <tr>
     <td width="60%" valign="top"><Div id="AddUserInfo"></Div></td>
     <td width="40%" valign="top"><Div id="AccUserStatus"></Div></td>
    </tr>
   </table>
  </td>
 </tr>
 <tr>
  <td valign="top" height="70" bgcolor="#074075">
   <div id="AdditionalOptions"></div>
  </td>
 </tr>
</table>
</body>
</html>

I just think it is interesting why a school would write the password reset-er utility in an interpreted language, and put it on every computer in C:\Windows\

An odd thing, just wanted to share. I am not really best at whatever language this is, but I still understand bits and pieces. Honestly, I am quite concerned as this is kinda a major problem.

  • 1 Contributor
  • 1 Reply
  • 263 Views
  • 6 Hours Discussion Span
  • Latest Post Latest Post by BCBTP
Member Avatar for BCBTP

Oops sorry thought this was in Geek's Lounge, my bad. I was thinking to put it in legacy because it seems to be VBScript, and I didn't see a forum then I decided to put it in Geek's Lounge. Ooops.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.