Documentation Index
Fetch the complete documentation index at: https://docs.specterops.io/llms.txt
Use this file to discover all available pages before exploring further.
Summary
Tests a password against a user to see if it’s valid via an API call
- Needs Admin: False
- Version: 1
- Author: @its_a_feature_
Arguments
password
- Description: Password to test
- Required Value: True
- Default Value: None
username
- Description: Local user to test against
- Required Value: True
- Default Value: None
Usage
test_password username password
MITRE ATT&CK Mapping
Detailed Summary
Uses the OpenDirectory Framework to test a local username/password combination.
let session = $.ODSession.defaultSession;
let sessionType = 0x2201 // $.kODNodeTypeAuthentication
let recType = $.kODRecordTypeUsers
let node = $.ODNode.nodeWithSessionTypeError(session, sessionType, $());
let user = node.recordWithRecordTypeNameAttributesError(recType,$(username), $(), $())
if(user.js !== undefined){
if(user.verifyPasswordError($(password),$())){
return {"user_output":"Successful authentication", "completed": true};
}
else{
return {"user_output":"Failed authentication", "completed": true};
}
}
