This PowerShell script, localbrute.ps1, is a derived version of the script available at InfosecMatter/Minimalistic-offensive-security-tools with enhanced performance.
To use the script, follow these steps:
- Open a PowerShell terminal.
- Navigate to the directory containing the script.
- Execute the script with the following parameters:
    localbrute -u "<username>" -dct "<dictionary_file>" -debug $true
  - <username>: The username of the local account to brute-force.
  - <dictionary_file>: The path to the dictionary file containing passwords.
  - $true (optional): Enables debug mode for additional output.
The script performs the following steps:
- Check User Existence:
  - It checks if the specified username exists among the local user accounts on the machine.
- Load Dictionary:
  - It reads the dictionary file containing potential passwords.
- Brute-force Passwords:
  - It iterates through each password in the dictionary and attempts to authenticate with the user account.
  - If debug mode is enabled, it provides additional information about the password being tried.
  - If a password is found that successfully authenticates the user, the script stops execution and reports the password.
- Logging:
  - It logs the progress and results in a file named localbrute.state.
  - If a password is found, it logs the username, domain, authentication status, and the password.
Parameters:
- -u: Specifies the username of the local account to brute-force.
- -dct: Specifies the path to the dictionary file containing passwords.
- -debug: (Optional) Enables debug mode for additional output.
- This script relies on the System.DirectoryServices.AccountManagement assembly for user authentication.
- Ensure that PowerShell execution policy allows running scripts on the system.
- Use this script responsibly and only on systems where you have proper authorization.
- For improved performance, enhancements have been made to the original script available at InfosecMatter/Minimalistic-offensive-security-tools.
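
A defender-side view of the Brute-force Passwords step, as an added example that is not part of localbrute.ps1 or the original project: with logon-failure auditing enabled, rejected authentication attempts are recorded as Security event 4625, so a burst of them against one local account is the signal to alert on. The function names, threshold, window and sample events are assumptions constructed for illustration; live collection assumes an elevated session.

```powershell
# Added defensive example (not part of localbrute.ps1). Names and thresholds are assumptions.
function Get-FailedLogon {
    # Live source: Security event 4625 (failed logon). Needs an elevated session.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = ([xml]$_.ToXml()).Event.EventData.Data
            [pscustomobject]@{
                TimeCreated    = $_.TimeCreated
                TargetUserName = ($data | Where-Object Name -eq 'TargetUserName').'#text'
            }
        }
}

function Find-FailedLogonBurst {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Events,
        [int] $Threshold = 5,        # failures needed to alert (assumed value)
        [int] $WindowSeconds = 60    # sliding window length (assumed value)
    )
    foreach ($group in ($Events | Group-Object TargetUserName)) {
        $times = @($group.Group | Sort-Object TimeCreated | ForEach-Object { $_.TimeCreated })
        $start = 0
        for ($end = 0; $end -lt $times.Count; $end++) {
            # Advance the left edge until the window spans at most $WindowSeconds.
            while (($times[$end] - $times[$start]).TotalSeconds -gt $WindowSeconds) { $start++ }
            $count = $end - $start + 1
            if ($count -ge $Threshold) {
                [pscustomobject]@{
                    Account     = $group.Name
                    Failures    = $count
                    WindowStart = $times[$start]
                    WindowEnd   = $times[$end]
                }
                break   # one alert per account is enough
            }
        }
    }
}

# Constructed sample: six rapid failures for one account, two scattered for another.
$t0 = Get-Date '2024-01-01T10:00:00'
$sample = @()
0..5 | ForEach-Object { $sample += [pscustomobject]@{ TimeCreated = $t0.AddSeconds(2 * $_); TargetUserName = 'svc_backup' } }
$sample += [pscustomobject]@{ TimeCreated = $t0; TargetUserName = 'alice' }
$sample += [pscustomobject]@{ TimeCreated = $t0.AddMinutes(30); TargetUserName = 'alice' }

Find-FailedLogonBurst -Events $sample
# On a live host: Find-FailedLogonBurst -Events @(Get-FailedLogon)
```

The localbrute.state file the script writes is a second host artifact worth hunting for alongside the event burst.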