• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 494
  • Last Modified:

VBSCRIPT to get WINDOWS USERS AND PASSWORDS

Hi guys,

I have a script to view the iusr_  password on windows 2003:

Dim IIsObject
Set IIsObject = GetObject ("IIS://localhost/w3svc")
WScript.Echo "According to the metabase, the anonymous credentials are:"
WScript.Echo "    AnonymousUserName = " & IIsObject.Get("AnonymousUserName")
WScript.Echo "    AnonymousUserPass = " & IIsObject.Get("AnonymousUserPass")
WScript.Echo "    WAMUserName = " & IIsObject.Get("WAMUserName")
WScript.Echo "    WAMUserPass = " & IIsObject.Get("WAMUserPass")
Set IIsObject = Nothing

I used this script to move files from one server to another (I needed the i_usr pass).

Now, is it possible to modify this script in order to obtain the Administrator password?

Thanks :)

PVG
0
pvg1975
Asked:
pvg1975
  • 3
  • 2
1 Solution
 
anthonywjones66Commented:
No the Administrator password is not managed by IIS so it has no need to store it.  IIS only needs to store the Passwords for WAM and USR because it is responsible for creating these accounts in the first place.  I'm suprised that the above code returns usable passwords I was under the impression that they were encrypted.

Anthony.
0
 
pvg1975Author Commented:
Hi Anthony, thanks for your answer.

This is what I wanted to do: In our company we are forced to change admin passwords every 7 days. Password has an algorithm: eg: XxxxxxxxxxxxxxxX-nnnnn where nnnnn is a correlative number.

I wanted to retrieve the admin password and change it automatically (it is 14 servers) based on the pervious stored password.

EG: if password is MymanagersuckS-12753, I want to change it by MymanagersuckS-12754 by running a script.

Thanks.
0
 
pvg1975Author Commented:
I forgot to say, algorithm is nnnn + 1 (stupid one, but the one they established)
0
 
anthonywjones66Commented:
I'm afraid your out of luck here.  There is by design no way to retrieve a password from Active Directory or SAM.

TBH, it all sounds a bit daft.  Whats the point of changing passwords every 7 days when subsequent passwords can be easily guessed from a knowledge of a previous password.

Anthony.
0
 
pvg1975Author Commented:
Hi Anthony!

I agree, sounds stupid, that's why I wanted to automate the password change in all the servers.

Anyway, only me and other 3 guys (plus our manager) knows this algorithm.

Since no other answer(s) have been posted, I will give you the points.

Thanks!

PVG
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now