PFLogin - change the admin password on multiple pfsense firewalls



  • We have a number of pfsense firewalls, and we needed a way to change pfsense admin passwords on all of them.  I wrote a perl script to change these via the web interface.  Take this script, create a text file called servers.txt, and list your servers without any whitespace… just hosts, no ports or https or anything.  I run my admin interface on 8443, so you may have to change that in the script if you run it on something else.

    Then run ./pflogin.pl -username <current admin="" username="">-password <current password="" for="" admin="">-newpassword <new password="" to="" set="" for="" admin="">here is the code:

    
    #!/usr/bin/perl -w
    
    use strict;
    
    use WWW::Mechanize;
    use HTTP::Cookies;
    use Getopt::Long;
    
    my $result = GetOptions("username=s" => \my $username,
    			"password=s" => \my $password,
    			"newpassword=s" => \my $newpassword);
    unless ($username || $password || $newpassword){
    	print "you must put in a username, password, and a newpassword\n";
    	exit();
    }  
    open("SERVER", "servers.txt") || die "cannot open server file\n";
    for my $fw (<server>){
    	chomp($fw);
    	my $url="https://" . $fw . ":8443";
    	my $mech = WWW::Mechanize->new();
    	$mech->cookie_jar(HTTP::Cookies->new());
    	$mech->get( $url );  
    	$mech->form_name('login_iform');
    	$mech->field(usernamefld=>$username);
    	$mech->field(passwordfld=>$password);
    	$mech->click();
    	my $url2 = "https://" . $fw . ":8443/system_usermanager.php?act=edit&id=0";
    	$mech->get( $url2 );
    	$mech->form_name('iform');
    	$mech->field(passwordfld1=>$newpassword);
    	$mech->field(passwordfld2=>$newpassword);
    	$mech->click();
    #uncomment the following line for debugging
    #print $mech->content();
    }
    close(SERVER)</server> 
    

    Enjoy!</new></current></current>



  • This is great thank you!

    will it work on any version?



  • I only tried it with the latest version (2.0.1)  Although it will most likely work with 2.0.  I dont think it will work with anything before that.


Locked