obscuresec/gist:df5f652c7e7088e2412c

## gistfile1.ps1
function Test-SmbPassword {
<#
.SYNOPSIS

    Tests a username and password to see if it is valid against a remote machine or domain.

    Author: Chris Campbell (@obscuresec)
    License: BSD 3-Clause
    Required Dependencies: None
    Optional Dependencies: None
    Version: 0.1.0

.DESCRIPTION

    Tests a username and password to see if it is valid against a remote machine or domain.

.EXAMPLE

    PS C:\> Test-SmbPassword -ComputerName 2K8DC -UserName test123 -Password password123456! -Domain

    Password                                Username                                Valid
    --------                                --------                                -----
    password123456!                         test123                                 True


.EXAMPLE

    PS C:\> Get-Content 'c:\demo\usernames.txt' | Test-SmbPassword -ComputerName 'DC1' -Password 'Passsword123456!' -Domain

    Password                                Username                                Valid
    --------                                --------                                -----
    password123456!                         test                                    False
    password123456!                         Administrator                           False
    password123456!                         tomcat                                  False
    password123456!                         test123                                 True


.LINK


#>

    [CmdletBinding()] Param(
        [Parameter(Mandatory = $true)]
        [String] $ComputerName,

        [parameter(Mandatory = $True,ValueFromPipeline=$True)]
        [String] $UserName,

        [parameter(Mandatory = $True)]
        [String] $Password,

        [parameter()]
        [Switch] $Domain
    )

    Begin {Set-StrictMode -Version 2}

    Process {

        #try to load assembly
        Try {Add-Type -AssemblyName System.DirectoryServices.AccountManagement}
        Catch {Write-Error $Error[0].ToString() + $Error[0].InvocationInfo.PositionMessage}

        If ($Domain) {$ContextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain}

        Else {$ContextType = [System.DirectoryServices.AccountManagement.ContextType]::Machine}

            Try {
                $PrincipalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ContextType, $ComputerName)

                $Valid = $PrincipalContext.ValidateCredentials($Username, $Password).ToString()

                    If ($Valid) {Write-Verbose "SUCCESS: $Username works with $Password"}

                    Else {Write-Verbose "FAILURE: $Username did not work with $Password"}

                #Create custom object to output results
                $ObjectProperties = @{'Username' = $UserName;
                                      'Password' = $Password;
                                      'Valid' = $Valid}

                $ResultsObject = New-Object -TypeName PSObject -Property $ObjectProperties
                Return $ResultsObject
            }

            Catch {Write-Error $Error[0].ToString() + $Error[0].InvocationInfo.PositionMessage}
	}
}
	function Test-SmbPassword {
	<#
	.SYNOPSIS

	Tests a username and password to see if it is valid against a remote machine or domain.

	Author: Chris Campbell (@obscuresec)
	License: BSD 3-Clause
	Required Dependencies: None
	Optional Dependencies: None
	Version: 0.1.0

	.DESCRIPTION

	Tests a username and password to see if it is valid against a remote machine or domain.

	.EXAMPLE

	PS C:\> Test-SmbPassword -ComputerName 2K8DC -UserName test123 -Password password123456! -Domain

	Password Username Valid
	-------- -------- -----
	password123456! test123 True


	.EXAMPLE

	PS C:\> Get-Content 'c:\demo\usernames.txt' \| Test-SmbPassword -ComputerName 'DC1' -Password 'Passsword123456!' -Domain

	Password Username Valid
	-------- -------- -----
	password123456! test False
	password123456! Administrator False
	password123456! tomcat False
	password123456! test123 True


	.LINK


	#>

	[CmdletBinding()] Param(
	[Parameter(Mandatory = $true)]
	[String] $ComputerName,

	[parameter(Mandatory = $True,ValueFromPipeline=$True)]
	[String] $UserName,

	[parameter(Mandatory = $True)]
	[String] $Password,

	[parameter()]
	[Switch] $Domain
	)

	Begin {Set-StrictMode -Version 2}

	Process {

	#try to load assembly
	Try {Add-Type -AssemblyName System.DirectoryServices.AccountManagement}
	Catch {Write-Error $Error[0].ToString() + $Error[0].InvocationInfo.PositionMessage}

	If ($Domain) {$ContextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain}

	Else {$ContextType = [System.DirectoryServices.AccountManagement.ContextType]::Machine}

	Try {
	$PrincipalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ContextType, $ComputerName)

	$Valid = $PrincipalContext.ValidateCredentials($Username, $Password).ToString()

	If ($Valid) {Write-Verbose "SUCCESS: $Username works with $Password"}

	Else {Write-Verbose "FAILURE: $Username did not work with $Password"}

	#Create custom object to output results
	$ObjectProperties = @{'Username' = $UserName;
	'Password' = $Password;
	'Valid' = $Valid}

	$ResultsObject = New-Object -TypeName PSObject -Property $ObjectProperties
	Return $ResultsObject
	}

	Catch {Write-Error $Error[0].ToString() + $Error[0].InvocationInfo.PositionMessage}
	}
	}