Merge pull request #4 from coj337/Develop

Add continous spraying and persistant storage

ReadMe.md

@@ -50,10 +50,12 @@ TheSprayer.exe -p Passwords.txt -f
 -s, --Server               Required. The IP or hostname of a domain controller
 -U, --Username             Required. Username for domain user to enumerate policies
 -P, --Password             Required. Password for domain user to enumerate policies
--p, --PasswordList         Required. A file containing a line delimited list of passwords or a single password to try
 -u, --UserList             A file containing a line delimited list of usernames or a single user to try
+-p, --PasswordList         Required. A file containing a line delimited list of passwords or a single password to try
 -o, --OutFile              File to output found credentials
 -a, --AttemptsRemaining    Amount of attempts to leave per-account before lockout (Default: 2)
+-c, --Continuous           Continuously spray credentials, waiting between attempts to prevent lockout.
+-n, --NoDb                 Disable using a DB to store previously sprayed creds.
 -f, --Force                Force authentication attempts, even users close to lockout
 --help                     Display this help screen.
 ```

TheSprayer/CommandLineOptions.cs

@@ -28,6 +28,12 @@ public class CommandLineOptions
         [Option('a', "AttemptsRemaining", Required = false, HelpText = "Amount of attempts to leave per-account before lockout (Default: 2)")]
         public int AttemptsRemaining { get; set; }
 
+        [Option('c', "Continuous", Required = false, HelpText = "Continuously spray credentials, waiting between attempts to prevent lockout.")]
+        public bool Continuous { get; set; }
+
+        [Option('n', "NoDb", Required = false, HelpText = "Disable using a DB to store previously sprayed creds.")]
+        public bool NoDb { get; set; }
+
         [Option('f', "Force", Required = false, HelpText = "Force authentication attempts, even users close to lockout")]
         public bool Force { get; set; }
     }

TheSprayer/Db/20210716054454_InitialMigration.cs

@@ -0,0 +1,31 @@
+using System;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace TheSprayer.Db
+{
+    public partial class InitialMigration : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.CreateTable(
+                name: "Attempts",
+                columns: table => new
+                {
+                    Id = table.Column<string>(type: "TEXT", nullable: false),
+                    Username = table.Column<string>(type: "TEXT", nullable: true),
+                    Password = table.Column<string>(type: "TEXT", nullable: true),
+                    LastSprayTime = table.Column<DateTime>(type: "TEXT", nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_Attempts", x => x.Id);
+                });
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "Attempts");
+        }
+    }
+}

TheSprayer/Db/20210716060345_AddAutoKey.cs

@@ -0,0 +1,17 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace TheSprayer.Db
+{
+    public partial class AddAutoKey : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+
+        }
+    }
+}

TheSprayer/Db/20210716061202_AddSuccess.cs

@@ -0,0 +1,24 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace TheSprayer.Db
+{
+    public partial class AddSuccess : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<bool>(
+                name: "Success",
+                table: "Attempts",
+                type: "INTEGER",
+                nullable: false,
+                defaultValue: false);
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "Success",
+                table: "Attempts");
+        }
+    }
+}

TheSprayer/Db/SprayDbContext.cs

@@ -0,0 +1,20 @@
+using Microsoft.EntityFrameworkCore;
+using System.Reflection;
+using TheSprayer.Models;
+
+namespace TheSprayer.Db
+{
+    public class SprayDbContext : DbContext
+    {
+        public DbSet<CredentialAttempt> Attempts { get; set; }
+
+        protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
+        {
+            optionsBuilder.UseSqlite("Filename=TheSprayer.db", options =>
+            {
+                options.MigrationsAssembly(Assembly.GetExecutingAssembly().FullName);
+            });
+            base.OnConfiguring(optionsBuilder);
+        }
+    }
+}

TheSprayer/Db/SprayDbContextModelSnapshot.cs

@@ -0,0 +1,44 @@
+// <auto-generated />
+using System;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using TheSprayer.Db;
+
+namespace TheSprayer.Db
+{
+    [DbContext(typeof(SprayDbContext))]
+    partial class SprayDbContextModelSnapshot : ModelSnapshot
+    {
+        protected override void BuildModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "5.0.8");
+
+            modelBuilder.Entity("TheSprayer.Models.CredentialAttempt", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("LastSprayTime")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Password")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("Success")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("Username")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("Attempts");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}

TheSprayer/Models/CredentialAttempt.cs

@@ -0,0 +1,15 @@
+using System;
+using System.ComponentModel.DataAnnotations.Schema;
+
+namespace TheSprayer.Models
+{
+    public class CredentialAttempt
+    {
+        [DatabaseGenerated(DatabaseGeneratedOption.Identity)]
+        public string Id { get; set; }
+        public string Username { get; set; }
+        public string Password { get; set; }
+        public bool Success { get; set; }
+        public DateTime LastSprayTime { get; set; }
+    }
+}

TheSprayer/Program.cs

@@ -3,6 +3,7 @@
 using System.Collections.Generic;
 using System.IO;
 using TheSprayer.Helpers;
+using TheSprayer.Services;
 
 namespace TheSprayer
 {
@@ -86,7 +87,7 @@ public static void Main(string[] args)
                 }
 
                 var adService = new ActiveDirectoryService(o.Domain, o.Username, o.Password, o.DomainController);
-                adService.SprayPasswords(passwords, users, remainingAttempts, o.OutFile, o.Force);
+                adService.SprayPasswords(passwords, users, remainingAttempts, o.OutFile, o.Continuous, o.NoDb, o.Force);
             });
         }
     }

TheSprayer/Properties/launchSettings.json

@@ -2,7 +2,7 @@
   "profiles": {
     "TheSprayer": {
       "commandName": "Project",
-      "commandLineArgs": "-d windomain.local -s 192.168.38.102 -U vagrant -P vagrant -p Passwords.txt"
+      "commandLineArgs": "-p vagrant -U vagrant -P vagrant -d windomain.local -s 192.168.38.102"
     }
   }
 }