def main()

in cortado/rtas/brute_force_login.py [0:0]


def main():
    """Emit repeated failed remote logons so logon-failure detections can be validated.

    Two phases run against ``remote_host``, each via a PowerShell
    ``Invoke-WmiMethod`` call made with deliberately wrong credentials:

    1. four attempts for the fixed account ``rta-tester`` (one account,
       repeated failures);
    2. five attempts, each for a freshly generated 10-letter account name
       (many accounts, one failure each).

    Raises:
        _common.ExecutionError: when no remote host is configured.
    """
    username = "rta-tester"
    # NOTE(review): the target is hard-coded to None, so as written the guard
    # below always raises and nothing after it executes. Presumably the
    # operator is expected to supply the host here -- confirm how.
    remote_host = None

    if not remote_host:
        log.error("A remote host is required to detonate this RTA")
        raise _common.ExecutionError("Remote host is not provided")

    # Return value is intentionally ignored. Presumably this turns on logon
    # auditing on the target so the failures are recorded -- verify in _common.
    _common.enable_logon_audit(remote_host)

    log.info("Brute forcing login with invalid password against {}".format(remote_host))
    # NOTE(review): {username} and {host} are substituted into the script text
    # unquoted. That is only safe while both values are fixed or operator-chosen;
    # validate or quote them if remote_host is ever taken from external input.
    ps_template = """
    $PW = ConvertTo-SecureString "such-secure-passW0RD!" -AsPlainText -Force
    $CREDS = New-Object System.Management.Automation.PsCredential {username}, $PW
    Invoke-WmiMethod -ComputerName {host} -Class Win32_process -Name create -ArgumentList ipconfig -Credential $CREDS
    """

    def powershell_for(account):
        # argv list (no shell string) for one credentialed WMI attempt
        script = ps_template.format(username=account, host=remote_host)
        return ["powershell", "-c", script]

    # Phase 1: same account, four failures; the short timeout keeps each
    # attempt from blocking the run.
    fixed_account_cmd = powershell_for(username)
    attempts_done = 0
    while attempts_done < 4:
        _common.execute_command(fixed_account_cmd, timeout_secs=2)
        attempts_done += 1

    time.sleep(1)

    log.info("Password spraying against {}".format(remote_host))

    # Phase 2: five failures, each under a different random account name
    # (10 distinct ASCII letters, since random.sample draws without repeats).
    for _attempt in range(5):
        throwaway_user = "".join(random.sample(string.ascii_letters, 10))
        _common.execute_command(powershell_for(throwaway_user))

    # give the audit events time to be processed before the RTA returns
    time.sleep(2)