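<?php
/*
 * Self-service Active Directory password change front-end.
 *
 * Flow:
 *   1. A pending "successstate" message from the previous request is shown and
 *      the browser is sent back to ../ after five seconds.
 *   2. A submitted form is validated, the credentials are base64-encoded and
 *      handed to the PowerShell script, the outcome is appended to the daily
 *      log, and the user is redirected back here with a session message.
 *      Every POST path redirects before any output, so header() still works
 *      (the original emitted the HTML first and then called header()).
 *   3. Otherwise the form, plus any pending "errorstate" message, is rendered.
 *
 * Nothing supplied by the user is echoed back into the page; the session
 * messages are fixed server-side strings, so they are printed unescaped.
 */

// $_SESSION is used throughout but the original never started the session.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Path to the PowerShell script that performs the change (relative, as deployed).
$psScriptPath = '..\..\..\Bin\Auth\adpwauth2014.ps1';
// One log file per day; date('Dd_M_Y') yields names like pwreset_Mon02_Jan_2014.txt.
$logfile = './Logging/pwreset_' . date('Dd_M_Y') . '.txt';
// Correlation marker: the script is expected to echo "Success:<rand>" or
// "Failed:<rand>" so its output can be matched to this request. It is not a
// secret and never leaves the host, so mt_rand() is adequate here.
$rand = mt_rand();

/**
 * Send a Location header and stop. Replaces the original exit(header(...)).
 *
 * @param string $location
 * @return void never returns
 */
function redirectAndExit($location)
{
    header('Location: ' . $location);
    exit;
}

/**
 * Count how many character classes (upper-case, lower-case, digit,
 * punctuation) a password draws from, using the same byte-wise ctype tests
 * as the original check.
 *
 * The original set each flag when a byte was NOT in the class, so any single
 * character satisfied three of the four flags and the check never failed.
 *
 * @param string $password
 * @return int 0..4
 */
function passwordCharacterClasses($password)
{
    $seen = ['upper' => 0, 'lower' => 0, 'digit' => 0, 'punct' => 0];
    foreach (count_chars($password, 1) as $byte => $occurrences) {
        $char = chr($byte);
        if (ctype_upper($char)) {
            $seen['upper'] = 1;
        }
        if (ctype_lower($char)) {
            $seen['lower'] = 1;
        }
        if (ctype_digit($char)) {
            $seen['digit'] = 1;
        }
        if (ctype_punct($char)) {
            $seen['punct'] = 1;
        }
    }
    return array_sum($seen);
}

/**
 * Apply the password policy to an already-decoded submission.
 *
 * @param string $username
 * @param string $oldPassword
 * @param string $newPassword
 * @param string $confirm
 * @return string[] user-facing problems (HTML fragments); empty when the
 *                  change may proceed
 */
function passwordChangeErrors($username, $oldPassword, $newPassword, $confirm)
{
    $errors = [];
    if ($newPassword !== $confirm) {
        $errors[] = 'New Password and Confirm do not match<br />';
    }
    // The message promises "eight or more"; the original used <= 8 and so
    // rejected exactly eight characters.
    if (strlen($newPassword) < 8) {
        $errors[] = 'Eight or more characters needed<br />';
    }
    // Guards against an empty needle, which strpos() treats as a match on PHP 8.
    if ($oldPassword !== '' && strpos($newPassword, $oldPassword) !== false) {
        $errors[] = 'Can not contain your old password<br />';
    }
    // Case-insensitive: AD user names are not case sensitive, so "JSmith"
    // inside a password for user "jsmith" is the same weakness.
    if ($username !== '' && stripos($newPassword, $username) !== false) {
        $errors[] = 'Can not contain your Username<br />';
    }
    if (passwordCharacterClasses($newPassword) < 3) {
        $errors[] = 'Password needs to contain at least 3 of the following criteria: Upper-case, Lower-case, Numeric and/or Symbol<br />';
    }
    return $errors;
}

/**
 * Assemble the powershell.exe invocation.
 *
 * Every dynamic value goes through escapeshellarg(); on Windows that wraps
 * the value in double quotes, which is the shape the original command had.
 * The credential values are base64 (alphabet [A-Za-z0-9+/=]), so nothing the
 * user typed reaches the command line unencoded.
 *
 * @param string     $scriptPath
 * @param int|string $rand
 * @param string     $b64Username
 * @param string     $b64OldPassword base64 value, or a placeholder for logging
 * @param string     $b64NewPassword base64 value, or a placeholder for logging
 * @return string
 */
function buildPowershellCommand($scriptPath, $rand, $b64Username, $b64OldPassword, $b64NewPassword)
{
    return 'powershell.exe -ExecutionPolicy ByPass -command ' . escapeshellarg($scriptPath)
        . ' < NUL -rand ' . escapeshellarg((string) $rand)
        . ' < NUL -base64_username ' . escapeshellarg($b64Username)
        . ' < NUL -base64_oldpassword ' . escapeshellarg($b64OldPassword)
        . ' < NUL -base64_newpassword ' . escapeshellarg($b64NewPassword)
        . ' < NUL';
}

/**
 * Make a user-controlled value safe to put on one log line: control
 * characters (including CR/LF, which would let a submitter forge extra log
 * records) are collapsed to a single space.
 *
 * @param string $value
 * @return string
 */
function sanitizeForLog($value)
{
    return preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value);
}

/**
 * Process a submitted form. Always ends in a redirect back to pwreset.php;
 * the outcome travels in $_SESSION['errorstate'] / $_SESSION['successstate'].
 *
 * @param string $psScriptPath PowerShell script to run
 * @param string $logfile      append-only audit log for today
 * @param int    $rand         correlation marker passed to the script
 * @return void never returns
 */
function handleSubmission($psScriptPath, $logfile, $rand)
{
    $raw = [];
    foreach (['username', 'old_password', 'new_password', 'confirm'] as $field) {
        // Only plain strings are accepted; an array (username[]=x) would
        // otherwise reach utf8_decode() and fail.
        $raw[$field] = isset($_POST[$field]) && is_string($_POST[$field]) ? $_POST[$field] : '';
    }
    if (in_array('', $raw, true)) {
        $_SESSION['errorstate'] = 'Please Complete all fields<br />';
        redirectAndExit('./pwreset.php');
    }

    // UTF-8 -> ISO-8859-1: the downstream script was written for single-byte
    // input, and characters outside Latin-1 become '?'. utf8_decode() is
    // deprecated since PHP 8.2; mb_convert_encoding($s, 'ISO-8859-1', 'UTF-8')
    // is the replacement once mbstring is guaranteed to be loaded.
    $username    = utf8_decode($raw['username']);
    $oldPassword = utf8_decode($raw['old_password']);
    $newPassword = utf8_decode($raw['new_password']);
    $confirm     = utf8_decode($raw['confirm']);

    $errors = passwordChangeErrors($username, $oldPassword, $newPassword, $confirm);
    if ($errors !== []) {
        $_SESSION['errorstate'] = implode('', $errors);
        redirectAndExit('./pwreset.php');
    }

    // Transport layer: base64 keeps quotes, spaces and shell metacharacters
    // out of the command line entirely.
    $b64Username    = base64_encode($username);
    $b64OldPassword = base64_encode($oldPassword);
    $b64NewPassword = base64_encode($newPassword);

    $command = buildPowershellCommand($psScriptPath, $rand, $b64Username, $b64OldPassword, $b64NewPassword);
    // shell_exec() returns null when the command produced no output or could
    // not be started; both end up as the "Warning Error" outcome below.
    $output = (string) shell_exec($command);

    if (stripos($output, 'Success:' . $rand) !== false) {
        $outcome = 'Success';
    } elseif (stripos($output, 'Failed:' . $rand) !== false) {
        $outcome = 'Failed';
    } else {
        $outcome = 'Warning Error';
    }

    // Audit record. The command is logged with both passwords redacted:
    // base64 is an encoding, not protection, so the original line handed the
    // old and new password to anyone able to read the log directory.
    $safeUsername = sanitizeForLog($username);
    $remoteAddr   = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    $requestTime  = isset($_SERVER['REQUEST_TIME_FLOAT']) ? $_SERVER['REQUEST_TIME_FLOAT'] : microtime(true);
    $logstr  = "=================================================================\r\n";
    // The original read $_SERVER['date_'], which nothing ever set.
    $logstr .= ' ' . date('Y-m-d H:i:s') . ' - ' . $outcome . " \r\n";
    $logstr .= "=================================================================\r\n";
    $logstr .= $requestTime . "\r\n";
    $logstr .= $remoteAddr . ' - ' . $safeUsername . ": Attempted Password Change result \r\n";
    $logstr .= buildPowershellCommand($psScriptPath, $rand, $b64Username, '[REDACTED]', '[REDACTED]') . "\r\n";
    // NOTE(review): the script's own output is logged verbatim; confirm that
    // adpwauth2014.ps1 never echoes the credentials it was given.
    $logstr .= $output . "\r\n";
    if (file_put_contents($logfile, $logstr, FILE_APPEND | LOCK_EX) === false) {
        error_log('pwreset: could not append to ' . $logfile);
    }

    if ($outcome === 'Success') {
        $_SESSION['successstate'] = '<br />Success: Password was changed<br />';
        redirectAndExit('./pwreset.php');
    }

    // Both remaining outcomes look the same to the user; only the operator
    // learns that the script returned something unexpected.
    $_SESSION['errorstate'] = '<br />Failed: Password was not changed<br />';
    if ($outcome === 'Warning Error') {
        // The original mailed the plaintext old and new password here; the
        // user name is enough to investigate.
        $logstr .= 'Username: ' . $safeUsername . "\r\n";
        $headers = "From: webmaster@domain.com \r\n" .
            "Reply-To: no-reply@domain.com \r\n" .
            "X-Mailer: PHP/" . phpversion();
        if (!mail('bshea@riseupaustraliaparty.com', 'PHP/Powershell AD - Error Warning', $logstr, $headers)) {
            error_log('pwreset: warning mail could not be sent');
        }
    }
    redirectAndExit('./pwreset.php');
}

$successstate = '';
$errorstate   = '';
if (!empty($_SESSION['successstate'])) {
    // Achievement get: show the message once, then return to the parent page.
    $successstate = $_SESSION['successstate'];
    unset($_SESSION['successstate']);
    // Standard Refresh syntax; the original 'refresh:5; ../' omitted "url=".
    header('Refresh: 5; url=../');
} elseif (isset($_POST['submit'])) {
    handleSubmission($psScriptPath, $logfile, $rand);
} else {
    if (!empty($_SESSION['errorstate'])) {
        $errorstate = $_SESSION['errorstate'];
    }
    unset($_SESSION['errorstate']);
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Pw Changer</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<?php if ($successstate !== ''): ?>
<div class="successstate"><?php echo $successstate; ?></div>
<?php else: ?>
<?php if ($errorstate !== ''): ?>
<div class="errorstate"><?php echo $errorstate; ?></div><br /><br />
<?php endif; ?>
<?php /* The form requires the current password, which limits what a
         cross-site request can achieve; a per-session token in a hidden
         field would still be a sensible addition. */ ?>
<form name="testForm" class="formbox" id="testForm" action="pwreset.php" method="post">
Username: <input type="text" name="username" id="username"/><br />
Old Password: <input type="password" name="old_password"><br />
New Password: <input type="password" name="new_password"><br />
Confirm New Password: <input type="password" name="confirm"><br />
<input type="submit" name="submit" id="submit" value="submit" />
</form>
<?php endif; ?>
</body>
</html>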