Next we provide the function a target website and the path to the dictionary file.
In this example, there is an interesting directory and file that is accessible without credentials. Lets check it out:
It appears that we may have the ability to increase permissions by adding users to different groups on the server. That is definitely a security finding that could aid in a penetration test. As with other scripts and functions that are added to the PowerSploit project, the maintained version is available on the github site.
Get-HttpStatus Function
Please check out the other dictionaries and let me know if you see any other use cases for this script. Thanks for checking this out and if you haven't bought your DerbyCon tickets yet, you should do so! If you are interested in PowerShell and security, Carlos Perez is teaching one of the first courses on the topic: "Introduction to PowerShell for Security Professionals" at this year's DerbyCon so sign up for it. I can't wait!
-Chris