Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <#
- Finds all IPs in given subnet that listen to RDP port
- And try to connect to all with given credentials
- #>
- $c_type_subnet = "192.168.0"
- $rdp_default_port = "3389"
- $username = "username"
- $password = "password"
- $nmap_output_file_name = "temp_nmap.txt"
- $ips_file_name = "temp_ips.txt"
- if( Test-Path $nmap_output_file_name ) { Remove-Item $nmap_output_file_name }
- if( Test-Path $ips_file_name ) { Remove-Item $ips_file_name }
- #Run nmap and save its output
- $nmap_expression = "nmap $c_type_subnet.* -p T:$rdp_default_port > $nmap_output_file_name"
- Invoke-Expression $nmap_expression
- #Save all ips into a different file from the nmap output
- $regex = '\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b'
- select-string -Path $nmap_output_file_name -Pattern $regex -AllMatches | % { $_.Matches } | % { $_.Value } > $ips_file_name
- $lines = Get-Content $ips_file_name | Where {$_ -notmatch '^\s+$'}
- foreach( $line in $lines )
- {
- $cur_ip_address = $line
- $expression = "cmdkey /generic:TERMSRV/`"$cur_ip_address`" /user:`"$username`" /pass:`"$password`""
- Invoke-Expression $expression
- $expression = "mstsc /v:`"$cur_ip_address`""
- Invoke-Expression $expression
- }
- Remove-Item $nmap_output_file_name
- Remove-Item $ips_file_name
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
