added user-as-pass option (ropnop#13)

ShonnyG112 · May 21, 2019 · 308f5a6 · 308f5a6
1 parent ecec221
commit 308f5a6
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 5 deletions.
diff --git a/cmd/passwordspray.go b/cmd/passwordspray.go
@@ -15,6 +15,8 @@ import (
 var usernameList string
 var password string
 
+// var userAsPass bool
+
 var passwordSprayCmd = &cobra.Command{
 	Use:   "passwordspray [flags] <username_wordlist> <password>",
 	Short: "Test a single password against a list of users",
@@ -23,18 +25,29 @@ If no domain controller is specified, the tool will attempt to look one up via D
 A full domain is required. This domain will be capitalized and used as the Kerberos realm when attempting the bruteforce.
 Succesful logins will be displayed on stdout.
 WARNING: use with caution - failed Kerberos pre-auth can cause account lockouts`,
-	Args:   cobra.ExactArgs(2),
+	Args:   cobra.MinimumNArgs(1),
 	PreRun: setupSession,
 	Run:    passwordSpray,
 }
 
 func init() {
+	passwordSprayCmd.Flags().BoolVar(&userAsPass, "user-as-pass", false, "Spray every account with the username as the password")
 	rootCmd.AddCommand(passwordSprayCmd)
+
 }
 
 func passwordSpray(cmd *cobra.Command, args []string) {
 	usernamelist := args[0]
-	password := args[1]
+	if !userAsPass {
+		if len(args) != 2 {
+			logger.Log.Error("You must specify a password to spray with, or --user-as-pass")
+			os.Exit(1)
+		} else {
+			password = args[1]
+		}
+	} else {
+		password = "foobar" //it doesn't matter, won't use it
+	}
 	stopOnSuccess = false
 
 	usersChan := make(chan string, threads)
@@ -51,7 +64,7 @@ func passwordSpray(cmd *cobra.Command, args []string) {
 	defer file.Close()
 
 	for i := 0; i < threads; i++ {
-		go makeSprayWorker(ctx, usersChan, &wg, password)
+		go makeSprayWorker(ctx, usersChan, &wg, password, userAsPass)
 	}
 	scanner := bufio.NewScanner(file)
 

diff --git a/cmd/setup.go b/cmd/setup.go
@@ -17,6 +17,7 @@ var (
 	safe             bool
 	threads          int
 	stopOnSuccess    bool
+	userAsPass       = false
 	logger           util.Logger
 	kSession         session.KerbruteSession
 

diff --git a/cmd/worker.go b/cmd/worker.go
@@ -7,7 +7,7 @@ import (
 	"sync/atomic"
 )
 
-func makeSprayWorker(ctx context.Context, usernames <-chan string, wg *sync.WaitGroup, password string) {
+func makeSprayWorker(ctx context.Context, usernames <-chan string, wg *sync.WaitGroup, password string, userAsPass bool) {
 	defer wg.Done()
 	for {
 		select {
@@ -17,7 +17,11 @@ func makeSprayWorker(ctx context.Context, usernames <-chan string, wg *sync.Wait
 			if !ok {
 				return
 			}
-			testLogin(ctx, username, password)
+			if userAsPass {
+				testLogin(ctx, username, username)
+			} else {
+				testLogin(ctx, username, password)
+			}
 		}
 	}
 }