Visual studio 2017 windows forms C# - password from lusrmgr.mfc

Question

1.00/5 (2 votes)

See more:

, +

I want to create a code without admin license when I select a username from a Items listbox:

C#

private void ExistUserList_SelectedIndexChanged(object sender, EventArgs e)

Then the code must search the same username in lusrmgr.msc and put the user password from lusrmgr.msc automatically to textbox:

C#

private void FirstPassword_TextChanged(object sender, EventArgs e)

In my listbox is "Administrator", "Gość"(Guest), "Konto domyślne"(Default account), "Test" and "WDAGUtilityAccount".

What I have tried:

I created a code like this:

C#

private void ExistUserList_SelectedIndexChanged
              (object sender, EventArgs e)
        {
            string selectedUser = ExistUserList.SelectedItem.ToString();
            string userDirectory = $@"C:\Users\{selectedUser}";

            // Sprawdź, czy katalog użytkownika istnieje
            if (System.IO.Directory.Exists(userDirectory))
            {
                DirectorySearcher searcher = new DirectorySearcher();
                searcher.Filter = $"(&(objectCategory=person) 
                (objectClass=user)(sAMAccountName={selectedUser}))";
                SearchResult result = searcher.FindOne();

                if (result != null)
                {
                    DirectoryEntry user = result.GetDirectoryEntry();
                    // Pobierz hasło użytkownika
                    string password = 
                    user.Properties["userpassword"].Value.ToString();

                    // Wyświetl hasło w MessageBox
                    MessageBox.Show($"Hasło użytkownika {selectedUser}: {password}");
                }
                else
                {
                    MessageBox.Show("Nie można znaleźć użytkownika.");
                }
            }
            else
            {
                MessageBox.Show("Katalog użytkownika nie istnieje.");
            }
        }

        private void FirstPassword_TextChanged(object sender, EventArgs e)
        {
            // Tutaj możesz zapamiętać wpisane hasło do TextBox
            string enteredPassword = FirstPassword.Text;
            // Możesz to hasło zapisać w zmiennej lub wykonać 
            // inne operacje na nim
        }

But I need to write down my boss password, because I don't have admin license.

Posted 30-Oct-23 2:17am

Inczu

Updated 4-Nov-23 23:52pm

Deeksha Shenoy

v2

Add a Solution

Comments

Richard MacCutchan 30-Oct-23 8:23am

You are storing passwords in clear text, which is a major security flaw, and in some jurisdictions could leave you open to criminal proceedings.

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Answer 1 · 2023-10-30T02:25:00

You can't. Windows does not store user passwords using a reversible encryption.

Passwords technical overview | Microsoft Learn[^]:
For use in Windows networking, including Active Directory domains, the password is stored two different ways by default: as the LAN Manager one-way function (LM OWF) and as the NT OWF. "One-way function" is a term that denotes a one-way mathematical transformation of data. The data that is being transformed can only be converted through encryption one way and cannot be reversed.

It's already dangerous enough running downloaded applications on your computer, without giving them the ability to retrieve the plain-text password of every local account on your computer!

Dave Kreskowiak · Answer 2 · 2023-10-30T04:27:00

An "admin license," whatever that is, has nothing to do with this. You're completely misunderstanding the Windows security system and directory.

You cannot check an entered password against what you perceive to be a plain text password in the directory. If you used the debugger to step through the code and looked at what you really have in the "userpassword" field, you would not see a readable password.

You can use the PrincipleContext class to validate credentials against the machine directory, like this:

C#

using (PrincipalContext pc = new PrincipalContext(ContextType.Machine))
{
    bool isValid = pc.ValidateCredentials("enteredUsername", "enteredPassword");
}

Visual studio 2017 windows forms C# - password from lusrmgr.mfc

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0