Invoke-CleverSpray

Password spraying script that detects current and previous passwords of Active Directory users, by @flelievre

Options:

-Password: Password to spray.
-PasswordFile: Path to file containing a list of passwords to spray.
-Username: samAccountName of the user to target.
-UsernamesFile: Path to file containing a list of samAccountNames to target.
-Domain: The domain to query for users, defaults to the current domain.
-Limit: Only users having a 'badPwdCount' lower than or equal to Limit will be targeted (default is 1 to avoid blocking accounts).
-Delay: Delay between authentication attempts (in s).
-Jitter: Jitter for the authentication attempts delay.
-HideOld: Hide old password discovered (default is false).

Usage:

Import Invoke-CleverSpray:

Import-Module .\Invoke-CleverSpray.ps1

Spray a unique password:

Invoke-CleverSpray -Password "Passw0rd"

Spray multiple passwords:

Invoke-CleverSpray -PasswordFile ".\pwd_list.txt"

Behavior:

  • Retrieves the default or specified domain (to specify a domain, use the -Domain parameter) using Get-NetDomain from PowerView (@harmj0y) and identifies the PDCe to send authentication requests to (because the domain PDCe centralizes the "badPwdCount" attributes of the domain users)
  • Retrieves all the domain user accounts using Get-NetUser from PowerView (@harmj0y), or reads them from the specified file (-UsernamesFile)
  • For each user, it verifies whether the "badPwdCount" attribute is lower than or equal to the threshold passed as argument (-Limit). If it is:
    • It tries to authenticate as that user with the provided password (-Password) or with each password from the specified password list file (-PasswordFile)
      • If authentication is successful, the user's current password has been discovered
      • If authentication is unsuccessful:
        • it checks whether the user's "badPwdCount" attribute was incremented: if not, the provided password is a previous password of the user account (be creative, detect the user's password creation pattern to guess its actual password ;)
        • if the user's "badPwdCount" attribute was incremented, no previous or current password was found for that specific user
    • If a delay is set (-Delay), it waits for Delay +/- Jitter (-Jitter); otherwise it moves directly on to the next user of the domain.

WARNING: Default -Limit is set to 1 (i.e. only user accounts having a "badPwdCount" lower than or equal to 1 will be targeted). You can increase this value at your own risk to target more users. I cannot guarantee that no users will be locked.
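
From the defender's side, the behavior above keeps every account's "badPwdCount" low, so lockout alerts stay silent; what remains is the shape of the failed logons themselves: one source, many accounts, very few failures per account, spaced out by the delay. The following Python detection is an added example, not part of Invoke-CleverSpray. The record layout, host names, thresholds and the `find_spray_sources` function are assumptions made for illustration, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed failed-logon records (time, source host, target account), e.g. as
# exported from the PDC emulator's Security log. All values are made up.
def _sample_events():
    t0 = datetime(2024, 1, 8, 9, 0, 0)
    events = []
    # WS-042: one failure per account across 12 accounts, 40 s apart (spray shape).
    for i in range(12):
        events.append((t0 + timedelta(seconds=40 * i), "WS-042", f"user{i:02d}"))
    # WS-007: a single user mistyping a password five times (not a spray).
    for i in range(5):
        events.append((t0 + timedelta(seconds=15 * i), "WS-007", "alice"))
    return events

def find_spray_sources(events, window=timedelta(minutes=30),
                       min_accounts=10, max_per_account=2):
    """Return {source: distinct_account_count} for sources whose failures, inside
    any sliding window, hit many accounts with only a few tries per account."""
    by_source = defaultdict(list)
    for ts, source, account in sorted(events):
        by_source[source].append((ts, account))
    flagged = {}
    for source, rows in by_source.items():
        start = 0
        counts = defaultdict(int)  # failures per account inside the window
        for ts, account in rows:
            counts[account] += 1
            # Slide the window: drop failures older than `window`.
            while ts - rows[start][0] > window:
                old = rows[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            low_and_slow = max(counts.values()) <= max_per_account
            if len(counts) >= min_accounts and low_and_slow:
                flagged[source] = max(flagged.get(source, 0), len(counts))
    return flagged

if __name__ == "__main__":
    for src, n in find_spray_sources(_sample_events()).items():
        print(f"{src}: failed logons against {n} distinct accounts")
```

The window has to be longer than the expected delay multiplied by the number of accounts, otherwise a slow run never accumulates enough distinct accounts inside it.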

Greetings: Thanks @harmj0y for PowerView!
