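Function Invoke-DomainDictionary {
    <#
    .SYNOPSIS
    Builds a lower-cased, de-duplicated wordlist from attribute values of the
    objects in an Active Directory domain.

    .DESCRIPTION
    Binds to the domain with [ADSI]"LDAP://<domain>" and runs one paged
    DirectorySearcher query per object class (user, computer, group,
    groupPolicyContainer, dnszone, then computer a second time). The requested
    attribute values are appended to the output file as ASCII text; a
    'description' value is additionally split on whitespace. The file is then
    rewritten with every line lower-cased, split on ',' and '=', trimmed,
    sorted and de-duplicated.

    .PARAMETER Domain
    DNS name of the domain to query. Defaults to $env:USERDNSDOMAIN; the
    function stops early when neither is available.

    .PARAMETER File
    Path of the wordlist to write. Any existing file at that path is replaced.

    .NOTES
    The output is raw directory data (including free-text 'description'
    attributes); handle the file with the same care as the directory export it
    is derived from.
    #>
    param(
        [string]$Domain = $env:USERDNSDOMAIN,
        [string]$File = "$pwd\DomainDictionary.txt"
    )

    # Without a domain the LDAP:// bind below has nothing to connect to.
    if (-not $Domain) {
        Write-Host
        Write-Host "- " -ForegroundColor "Red" -NoNewline
        Write-Host "No domain given and USERDNSDOMAIN is not set"
        return
    }

    # Probe that the output path is writable before doing any directory work.
    # 'return' rather than 'break': a bare 'break' outside a loop unwinds into
    # the caller and can terminate an unrelated loop or the calling script.
    Try {
        New-Item -Path $File -ItemType "File" -Force -ErrorAction "Stop" | Out-Null
    }
    Catch {
        Write-Host
        Write-Host "- " -ForegroundColor "Red" -NoNewline
        Write-Host "Unable to write to path: $File"
        return
    }

    #######################################
    # Runs one paged LDAP search for $ObjectClass and appends the requested
    # attribute values (first value of each) to $File, one per line.
    # Arguments: $Domain - domain to bind to; $Properties - attribute names;
    #            $ObjectClass - value for the (objectClass=...) filter;
    #            $File - output path
    # Throws:    re-throws any bind/search error after reporting it, so the
    #            caller can abort the remaining queries.
    #######################################
    Function QueryAndWriteProperties {
        param(
            [string]$Domain,
            [string[]]$Properties,
            [string]$ObjectClass,
            [string]$File
        )
        # Pre-declared so Finally can tell which objects were actually created.
        $searcher = $null
        $results = $null
        Try {
            $directoryEntry = [ADSI]"LDAP://$Domain"
            $searcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry)
            $searcher.PageSize = 1000
            $searcher.Filter = "(objectClass=$ObjectClass)"
            $searcher.PropertiesToLoad.AddRange($Properties) | Out-Null
            $results = $searcher.FindAll()
            foreach ($result in $results) {
                $output = foreach ($property in $Properties) {
                    if ($result.Properties[$property].Count -gt 0) {
                        if ($property -eq 'description') {
                            # Free text: each whitespace-separated token becomes a line.
                            $result.Properties[$property][0] -split '\s+'
                        } else {
                            "$($result.Properties[$property][0])"
                        }
                    }
                }
                # Skip objects with none of the requested attributes instead of
                # appending an empty line.
                if ($output) {
                    Add-Content -Path $File -Value ($output -join "`r`n") -Encoding ASCII
                }
            }
        }
        Catch {
            Write-Host
            Write-Host "- " -ForegroundColor "Red" -NoNewline
            Write-Host "Unable to connect to the domain: $($_.Exception.Message)"
            throw
        }
        Finally {
            # Either may still be $null if the bind or the search failed part-way;
            # calling Dispose() on $null here would mask the original error.
            if ($null -ne $results) { $results.Dispose() }
            if ($null -ne $searcher) { $searcher.Dispose() }
        }
    }

    #######################################
    # Reports progress for one object class and runs its query.
    # Arguments: $Domain, $File - passed through; $Entity - objectClass value;
    #            $Properties - attribute names to collect
    #######################################
    Function DomainEntityProperties {
        param(
            [string]$Domain,
            [string]$File,
            [string]$Entity,
            [string[]]$Properties
        )
        Write-Host "- Gathering domain $Entity properties"
        QueryAndWriteProperties -Domain $Domain -Properties $Properties -ObjectClass $Entity -File $File
    }

    # Property Definitions (attribute names are matched case-insensitively by AD)
    $userProperties = @("name", "cn", "description", "givenname", "mail", "samaccountname", "userprincipalname", "sn",
        "physicaldeliveryofficename", "st", "postofficebox", "l", "co", "postalcode", "serviceprincipalname")
    $computerProperties = @("name", "cn", "description", "samaccountname", "dnshostname", "operatingsystem")
    $groupProperties = @("cn", "samaccountname", "description", "name", "mail")
    $gpoProperties = @("displayname", "distinguishedname")
    $zoneProperties = @("name", "distinguishedname")
    # NOTE(review): despite the name, these are queried with objectClass=computer
    # below, i.e. against every computer object, not domain controllers only.
    $controllerProperties = @("operatingsystemversion", "distinguishedname", "name", "dnshostname", "site", "location")

    #######################################
    # Appends the environment's domain name and the queried domain name.
    # Arguments: $Domain - domain that was queried; $File - output path
    #######################################
    Function MiscProperties {
        param(
            [string]$Domain,
            [string]$File
        )
        Write-Host "- Gathering domain miscellaneous properties"
        # USERDNSDOMAIN is unset on non-domain-joined hosts; Add-Content rejects
        # a $null -Value, so only write the names that are present.
        foreach ($name in @($env:USERDNSDOMAIN, $Domain)) {
            if ($name) {
                Add-Content -Value $name -Path $File -Encoding ASCII
            }
        }
    }

    # Start from an empty file so Add-Content below appends to a fresh list.
    if (Test-Path -Path $File -PathType Leaf) {
        Remove-Item -Path $File -Force
    }

    Write-Host
    Write-Host
    Write-Host "-[Invoke-DomainDictionary]-" -ForegroundColor "Yellow"
    Write-Host

    Try {
        DomainEntityProperties -Domain $Domain -File $File -Entity "user" -Properties $userProperties
        DomainEntityProperties -Domain $Domain -File $File -Entity "computer" -Properties $computerProperties
        DomainEntityProperties -Domain $Domain -File $File -Entity "group" -Properties $groupProperties
        DomainEntityProperties -Domain $Domain -File $File -Entity "groupPolicyContainer" -Properties $gpoProperties
        DomainEntityProperties -Domain $Domain -File $File -Entity "dnszone" -Properties $zoneProperties
        DomainEntityProperties -Domain $Domain -File $File -Entity "computer" -Properties $controllerProperties
        MiscProperties -Domain $Domain -File $File
    }
    Catch {
        # The failing query has already reported itself; skip the
        # post-processing and summary rather than working on a partial file.
        return
    }

    # Parenthesised Get-Content reads the whole file before the pipeline starts,
    # so the file is closed before Set-Content reopens the same path for writing.
    # "$_" rather than $_ keeps an empty file ($null) from reaching .ToLower().
    (Get-Content -Path $File) |
        ForEach-Object { "$_".ToLower().Trim() -split '[,=]' } |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -ne '' } |
        Sort-Object -Unique |
        Set-Content -Path $File -Force -Encoding ASCII

    Write-Host
    Write-Host "+ " -NoNewline -ForegroundColor "Green"
    Write-Host "For best results run as a wordlist with hashcat and a rule set"
    Write-Host "+ " -NoNewline -ForegroundColor "Green"
    Write-Host "Results output to $File"
    Write-Host "+ " -NoNewline -ForegroundColor "Green"
    Write-Host "Total Lines in Wordlist: $((Get-Content -Path $File | Measure-Object -Line).Lines)"
}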