Jump to content

GregSmid

Members
  • Content count

    25
  • Joined

  • Last visited

  • Days Won

    1

GregSmid last won the day on December 9 2016

GregSmid had the most liked content!

About GregSmid

  • Rank
    Member

Recent Profile Visitors

346 profile views
  1. Browser plugin URL matching

    Ah, well that's interesting. I primarily use Firefox, and that's the browser I've been having issues with. I did some testing with Chrome, and it fills in the username and password no problem. A couple of examples: https://prtg.f12.net https://my.vmware.com I'll keep trying them out with Chrome as I come across them. Thanks!
  2. Browser plugin URL matching

    Thanks guys, Just to clarify then - if you're matching on the base URL and I have a password with the URL saved as https://domain.com.... it should match https://domain.com/login.html but not https://www.domain.com/ or https://www.domain.com/login.html. Is that correct? I have a few picky sites and I'm trying to find the best way to save the URL. Greg
  3. Browser plugin URL matching

    Hi all, I'm wondering how the URL matching for the plugin works. If a password is saved with a URL of http://www.domain.com, should the plugin be smart enough to fill in the login info to http://www.domain.com/login.html? What about https://www.domain.com? Can we use wildcards to help it out? It seems like it'll fill in non-exact matches for some sites, but not others... I haven't been able to find any real patterns yet. Thanks! Greg
  4. Haha sorry, one more reply... I keep forgetting to subscribe to the thread. BTW is there a way to do that without ticking the 'Notify' box in the reply box?
  5. Thanks gang, appreciate it! Good luck on the Web Extension version... FF 57 isn't far off...
  6. Bah, didn't notice I wasn't signed in. This is me. ^
  7. Thanks team, always awesome to see responsiveness to customer requests!
  8. I'm certainly willing to give the new global search a shot! I did a few tests with it this morning and was able to find what I was looking for pretty reliably. I'll keep on using it and post back here with any more feedback as I have it. For the record though, my vote is still to bring back the Search box in the Folder view... if nothing else, it's one more way to help find what you're looking for. Maybe the global search will work better for some, and the folder search better for others. Thanks for the quick reply! Greg
  9. We recently upgraded to v8, and I'm having trouble searching across all Password Lists in a Password Folder. In v7.x, you could select a Password Folder and use the Search box to search across all of the Password Lists contained in it. In this version, there isn't actually a search box when I have a Folder selected, or a grid to display passwords. I was thinking maybe it's just a display option somewhere but I haven't been able to find anything yet. Any suggestions?
  10. Where to find PasswordList ID

    That does help, thank you! Greg
  11. Similar to this thread, but I'm not trying to find the PasswordList ID based on a Password ID... I just want to know where to find the PasswordList ID for a private password list within the web GUI. It's needed when users want to run scripts on their own private list using the API. I know in a previous version of PasswordState, I could hover over my password list and its list ID would pop up as alt-text. Looks like that has disappeared at some point. We're on 7.8 (build 7847) right now. It would be great if the list ID could be exposed on the Edit Password List screen, either on the Password List Details tab or the API Key and Settings tab. Or, just bring the hover text back. Greg
  12. New phone when using Google Auth

    Hey guys, ran into a related issue. We have a few users that got fancy new phones for Christmas, and I've attempted to email them their Google Auth QR codes using the steps above... but no email ever gets sent. I've tested while running Wireshark on both our PasswordState server and our local Exchange server, and when I click that Email button on the user's Authentication tab, no SMTP packets are even generated. Other email functions in PasswordState are working fine, it just seems to be this Email button for Google Authenticator. Greg
  13. Final version of the script! User is prompted for Password List ID, API Key, and their new password New password is verified API Key and Passwords are not displayed on screen Error checking to make sure the API calls worked Information about the number of passwords that got updated and which ones is displayed at the end <# .SYNOPSIS Search for Specific Password Records and update them to the same password .NOTES Requires Password List API Key, Password List ID, name of field to search, and search terms .REFERENCE This all came from https://www.clickstudios.com.au/community/index.php?/topic/1781-password-field-reference-to-another-password/ if you're interested in the history of the script. #> #These are the two 'hard-coded' valuses for the script - the Password List field to search, and the search term. Script could be modified to prompt the user for these instead: $PasswordstateURL = "https://passwordstate.url" $SearchField = "Notes" $SearchTerm = "ADCreds" #Get the Password List ID: Write-Host "Enter the ID of your private password list.`nYou can find it by hovering your mouse over top of of the list name.`n" $PasswordListID = Read-Host -Prompt 'Password List ID' #Prompt the user for the API key for their specific Password List. They can set/find it in the Password List settings on the API Key tab: Write-Host "`nEnter the API Key of your private password list.`nYou can set it in the Password List settings, on the API Key tab.`n" $APIKey = Read-Host -Prompt 'Enter your API Key' -AsSecureString $APIKey = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($APIKey)) Write-Host "" #Prompt the user for their new AD password: $NewPassword = Read-Host -Prompt 'Enter your new AD Password' -AsSecureString $NewPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword)) #Have the user verify their AD password: $NewPasswordVerify = Read-Host -Prompt 'Confirm your new AD Password' -AsSecureString $NewPasswordVerify = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPasswordVerify)) #Validate that $NewPassword and $NewPasswordVerify are the same. If not, exit the script: If ($NewPassword -ne $NewPasswordVerify) { Write-Host "`nSorry, your passwords don't match. Please run the script again.`n" Exit } Write-Host "" #Combine the variables into the URL to use for the API call: $FullURL = "$PasswordstateURL/api/searchpasswords/" + $PasswordListID + "?" + $SearchField + "=" + $SearchTerm #Create an array $SearchResults and fill it with all the password entries: $SearchResults = Invoke-Restmethod -Method GET -Uri $FullURL -Header @{ "APIKey" = $APIKey } #Create an array $PasswordIDs and fill it with all the Password IDs: $PasswordIDs = $SearchResults.PasswordID $PasswordTitles = $SearchResults.Title $PasswordURLs = $SearchResults.URL $PasswordCounter = 0 #Go through all the Password IDs and attempt to update them with the new password: Foreach ($PasswordRecord in $PasswordIDs){ #Gather the ID of the password to be updated along with the value for the new password: $jsonString = '{"PasswordID":"' + $PasswordRecord + '", "Password":"' + $NewPassword + '"}' #Clear the $Error catcher variable: $Error.Clear() #Attempt to send the API the password info gathered above: Try { Invoke-Restmethod -Method PUT -Uri "$PasswordstateURL/api/passwords" -ContentType "application/json" -Body $jsonString -Header @{ "APIKey" = $APIKey } } #If the password update call throws an error, show it to the user and exit the script: Catch { Write-Host "Uh oh, was at least one error! The API said:`n`n$Error`n`nNumber of passwords updated: $PasswordCounter" Write-Host "`nIf any passwords got updated, you should check your passwords and make sure they are what they should be.`n" Exit } #If the password update succeeded, increment the counter and clear the screen so the password isn't visible: $PasswordCounter = $PasswordCounter + 1 cls } #Give the user some info about the passwords that got updated: Write-Host "`n$PasswordCounter passswords updated!`n" $x = 0 While ($x -lt $PasswordCounter) { Write-Host "$($PasswordTitles[$x]) --- $($PasswordURLs[$x])" $x++ } #Goodbye! Exit
  14. Hi guys, It occurred to me that we probably don't want to encourage people to leave scripts laying around on their computers that have their AD creds and their PasswordState API key in them, just waiting for someone to steal. I've changed the lines in the User Variables section to: $APIKey = Read-Host -Prompt 'Enter your API Key' $NewPassword = Read-Host -Prompt 'Enter your new AD Password' This way the script will prompt them to enter their password and API key instead.
  15. All working! For any future visitors to this thread, here's what I ended up with: <# .SYNOPSIS Search for Specific Password Records and update them to the same password .NOTES Requires Password List API Key, Password List ID, name of field to search, and search terms #> ########################################## #User Variables - Fill in your PS URL, the Password List ID and API Key of your Password List, the field your're searching, your search term, and your new password $PasswordstateURL = "https://password.state.url" $PasswordListID = "10" #Password List ID can be found by hovering your mouse over the PW List name in the nav tree. $APIKey = "11223344556677889900aabbccddeeff" #Use the API key for your specific Password List. You can set it in the Password List settings on the API Key tab. $SearchField = "Notes" $SearchTerm = "ADCreds" $NewPassword = "FancYNewPasw0rd!" ########################################## $FullURL = "$PasswordstateURL/api/searchpasswords/" + $PasswordListID + "?" + $SearchField + "=" + $SearchTerm $results = Invoke-Restmethod -Method GET -Uri $FullURL -Header @{ "APIKey" = $APIKey } $PasswordIDs = $results.PasswordID Foreach ($PasswordRecord in $PasswordIDs) { $jsonString = ' { "PasswordID":"' + $PasswordRecord + '", "Password":"' + $NewPassword + '" } ' Invoke-Restmethod -Method PUT -Uri "$PasswordstateURL/api/passwords" -ContentType "application/json" -Body $jsonString -Header @{ "APIKey" = $APIKey } } Thanks again, this would have taken waaaaaay longer to figure out without your help! If you'd like to copy/move some or all of this thread over to the PowerShell Scripts area of the forums, feel free. Greg
×