Resetting a Password with NetApi32

In the absence of RDP (which will prompt the user to change their password), we can use PowerShell to interact with the Windows NET API module NetApi32, and change the password programmatically. This article is found upon searching for how a user can change their own expired password without RDP, and the following code is taken directly from it.

$username = 'bnielson'
$dc = 'fuse.fabricorp.local'
$old = 'Fabricorp01'
$new = 'S0meVeryLongPa5s!'
$code = @'
[DllImport("netapi32.dll", CharSet = CharSet.Unicode)]
public static extern bool NetUserChangePassword(string domain, string username,
string oldpassword, string newpassword);
'@
$NetApi32 = Add-Type -MemberDefinition $code -Name 'NetApi32' -Namespace 'Win32'
-PassThru
$NetApi32::NetUserChangePassword($dc, $username, $old, $new)

PreviousRDP Exploitation NextWindows Buffer Overflow

Last updated 2 years ago