Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Divide by zero error when calculating delay #21

Open
BeanBagKing opened this issue Feb 24, 2021 · 3 comments
Open

Divide by zero error when calculating delay #21

BeanBagKing opened this issue Feb 24, 2021 · 3 comments

Comments

@BeanBagKing
Copy link
Contributor

BeanBagKing commented Feb 24, 2021

As a note here, I didn't set a -Delay value, because it previously defaulted to 30 minutes, which was acceptable. It looks like that default is still there, if I'm reading the code correctly. However, when running the script, I received a divide by zero error and no delay. The error message is reproduced below, please let me know if there is any other information I can provide.

I just noticed a "ConvertLargeIntegerToInt64" error prior to this that may be part of the problem. I missed it earlier because I thought it was another "Cannot index into null array" error. I also received a null array error for line 347 (in addition to the two for 538 and 539) when running Get-DomainUserList.

PS C:\Users\<snip>\Desktop\DomainPasswordSpray> Invoke-DomainPasswordSpray -UserList userlist.txt -Domain <snip> -PasswordList passlist.txt -OutFile sprayed-creds.txt
[*] Using userlist.txt as userlist to spray with
[*] Warning: Users will not be checked for lockout threshold.
[*] WARNING - Be very careful not to lock out accounts with the password list option!
Cannot index into a null array.
At C:\Users\<snip>\Desktop\DomainPasswordSpray\DomainPasswordSpray.ps1:538 char:5
+     $lockObservationWindow_attr = $DomainEntry.Properties['lockoutObs ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : NullArray

Method invocation failed because [System.String] does not contain a method named 'ConvertLargeIntegerToInt64'.
At C:\Users\<snip>\Desktop\DomainPasswordSpray\DomainPasswordSpray.ps1:539 char:5
+     $observation_window = $DomainEntry.ConvertLargeIntegerToInt64($lo ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound

[*] The domain password policy observation window is set to  minutes.
[*] Setting a  minute wait in between sprays.

Confirm Password Spray
Are you sure you want to perform a password spray against <snip> accounts?
[Y] Yes  [N] No  [?] Help (default is "Y"): y
[*] Password spraying has begun with  27  passwords
[*] This might take a while depending on the total number of users
[*] Now trying password <snip> against <snip> users. Current time is 10:41 AM
[*] Writing successes to sprayed-creds.txt
[*] SUCCESS! User:<snip> Password:<snip>
Attempted to divide by zero.
At C:\Users\<snip>\Desktop\DomainPasswordSpray\DomainPasswordSpray.ps1:245 char:96
+ ... atus "Waiting for $($Seconds/60) minutes. $($Seconds - $Count) second ...
+                                                 ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], RuntimeException
    + FullyQualifiedErrorId : RuntimeException

Attempted to divide by zero.
At C:\Users\<snip>\Desktop\DomainPasswordSpray\DomainPasswordSpray.ps1:245 char:96
+ ... atus "Waiting for $($Seconds/60) minutes. $($Seconds - $Count) second ...
+                                                 ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], RuntimeException
    + FullyQualifiedErrorId : RuntimeException

[*] Now trying password <snip>! against <snip> users. Current time is 11:06 AM
[*] Writing successes to sprayed-creds.txt

PS C:\Users\<snip>\Desktop\DomainPasswordSpray> ^C
PS C:\Users\<snip>\Desktop\DomainPasswordSpray> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.17763.1490
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17763.1490
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Edit: Updated to contain more information

@BeanBagKing
Copy link
Contributor Author

Started a new spray and added -Delay 1860. I still recieved both the null array and the "ConvertLargeIntegerToInt64" error. It got to the point of "Are you sure you want to perform a password spray..." prompt. I hit yes and it displayed the "1 of XXXX users tested" and froze there. In other words, the "1" did not increment. After a minute I ctrl+c'ed that run, backed out the delay, and started again. Everything seemed to run fine.

@BeanBagKing
Copy link
Contributor Author

BeanBagKing commented Feb 25, 2021

Tagging @egypt

Edit: Fixed this by adding $DomainEntry = [ADSI]$DomainEntry as the first entry in the Get-ObservationWindow function (now line 538). Not sure about the Null array errors. Still doing some testing.

Edit2: Inserting my own delay still seems to make it freeze on "1 of XXX users tested"

Edit3: Ok, the delay thing might have been my own misunderstanding. My assumption was that this was a customizable delay between each password spray. It looks like it's a delay between each individual account tested though.

BeanBagKing added a commit to BeanBagKing/DomainPasswordSpray that referenced this issue Feb 25, 2021
@nitsewg
Copy link

nitsewg commented Sep 28, 2021

I am running into this as well. Basically defaults to no wait between sprays. I tried adding $DomainEntry = [ADSI]$DomainEntry, but that didn't make a difference..

At C:\DomainPasswordSpray-master\domainpasswordspray.ps1:245 char:96
+ ... atus "Waiting for $($Seconds/60) minutes. $($Seconds - $Count) second ...
+                                                 ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], RuntimeException
    + FullyQualifiedErrorId : RuntimeException

Attempted to divide by zero.
At C:\DomainPasswordSpray-master\domainpasswordspray.ps1:245 char:96
+ ... atus "Waiting for $($Seconds/60) minutes. $($Seconds - $Count) second ...
+                                                 ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], RuntimeException
    + FullyQualifiedErrorId : RuntimeException```

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants