From 00bcac382d97316d4a984fc39d94ed077e268cea Mon Sep 17 00:00:00 2001
From: StrongIT-Attack <SIT-TeamAttack@strong-it.at>
Date: Tue, 27 Aug 2024 08:57:28 +0200
Subject: [PATCH 1/2] Add SearchBase optional Parameter

---
 DomainPasswordSpray.ps1 | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/DomainPasswordSpray.ps1 b/DomainPasswordSpray.ps1
index 596768c..1e72276 100644
--- a/DomainPasswordSpray.ps1
+++ b/DomainPasswordSpray.ps1
@@ -37,6 +37,10 @@ function Invoke-DomainPasswordSpray{
     .PARAMETER Filter
 
     Custom LDAP filter for users, e.g. "(description=*admin*)"
+	
+	.PARAMETER SearchBase
+
+    Optional LDAP SearchBase parameter.
 
     .PARAMETER Force
 
@@ -99,31 +103,35 @@ function Invoke-DomainPasswordSpray{
      [Parameter(Position = 4, Mandatory = $false)]
      [string]
      $Filter = "",
+	 
+	 [Parameter(Position = 5, Mandatory = $false)]
+     [string]
+     $SearchBase = "",
 
-     [Parameter(Position = 5, Mandatory = $false)]
+     [Parameter(Position = 6, Mandatory = $false)]
      [string]
      $Domain = "",
 
-     [Parameter(Position = 6, Mandatory = $false)]
+     [Parameter(Position = 7, Mandatory = $false)]
      [switch]
      $Force,
 
-     [Parameter(Position = 7, Mandatory = $false)]
+     [Parameter(Position = 8, Mandatory = $false)]
      [switch]
      $UsernameAsPassword,
 
-     [Parameter(Position = 8, Mandatory = $false)]
+     [Parameter(Position = 9, Mandatory = $false)]
      [int]
      $Delay=0,
 
-     [Parameter(Position = 9, Mandatory = $false)]
+     [Parameter(Position = 10, Mandatory = $false)]
      $Jitter=0,
 
-     [Parameter(Position = 10, Mandatory = $false)]
+     [Parameter(Position = 11, Mandatory = $false)]
      [switch]
      $Quiet,
 
-     [Parameter(Position = 11, Mandatory = $false)]
+     [Parameter(Position = 12, Mandatory = $false)]
      [int]
      $Fudge=10
     )
@@ -414,7 +422,7 @@ function Get-DomainUserList
     }
 
     $UserSearcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$CurrentDomain)
-    $DirEntry = New-Object System.DirectoryServices.DirectoryEntry
+	$DirEntry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$SearchBase")
     $UserSearcher.SearchRoot = $DirEntry
 
     $UserSearcher.PropertiesToLoad.Add("samaccountname") > $Null

From 96669ec5baf4db70733000881c2e9bc907d0b0e8 Mon Sep 17 00:00:00 2001
From: StrongIT-Attack <SIT-TeamAttack@strong-it.at>
Date: Tue, 27 Aug 2024 09:05:02 +0200
Subject: [PATCH 2/2] Fix

---
 DomainPasswordSpray.ps1 | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/DomainPasswordSpray.ps1 b/DomainPasswordSpray.ps1
index 1e72276..2a344df 100644
--- a/DomainPasswordSpray.ps1
+++ b/DomainPasswordSpray.ps1
@@ -422,7 +422,14 @@ function Get-DomainUserList
     }
 
     $UserSearcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$CurrentDomain)
-	$DirEntry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$SearchBase")
+    if ($SearchBase)
+    {
+    	$DirEntry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$SearchBase")
+    }
+    else
+    {
+    	$DirEntry = New-Object System.DirectoryServices.DirectoryEntry
+    }
     $UserSearcher.SearchRoot = $DirEntry
 
     $UserSearcher.PropertiesToLoad.Add("samaccountname") > $Null