PowerBruteLogon is a ported version of WinBruteLogon in pure PowerShell
⚠️ Notice: this version is slower than WinBruteLogon but has the serious advantage of being 100% entirely coded in PowerShell. In a near future, password attempts will be distributed to separate threads to speed up the process. Also keep in mind that this method is very noisy, each failed attempt will get logged on Microsoft Windows Event Logs.
You might find useful information about the technique used in this PoC here
Microsoft Windows suffer from a serious lack of protection in their authentication mechanism which could led in privilege escalation.
Indeed, in default installation of Windows (all version), the account lockdown policy is disabled plus authentication API's doesn't limit number of attempts per seconds which could led to a medium to fast brute-force attacks.
Using our PoC and depending of the number of cores available in the target system you could test from few thousands to dozen of thousands of password per second.
Considering that those kind of authentication API's could be used by any Windows account, even a Guest user could use the PoC to recover / crack the password of any local user and escalate his privilege.Read more...