Invoke-LocalPasswordSpray is the local equivalent to tools like DomainPasswordSpray. It performs multiple checks to verify that the desired user is not disabled or locked out and tries to avoid the lockout of the user during the attack. (May add an option to spray all local accounts later on, to actual fit the name lol)
The script extracts the local lockout policy via net accounts - This method isn't perfect, but was the only option I came up with, which does not rely on elevated privileges or specific languages.
Define the target user
This paramter takes a file path as input.
Override the system-defined lockout threshold in seconds.
Override the system-defined lockout duration in seconds.
Override the system-defined lockout window in seconds.
Target the user "admin" with the passwords located in "C:\wordlists\common.txt":
Invoke-LocalPasswordSpray -Username "admin" -PasswordList "C:\wordlists\common.txt"
Target the user "test" with the password list "pwlist.txt" in the current directory, while manually setting the lockout policy to 5 attempts and a lockout duration of 30min:
Invoke-LocalPasswordSpray -Username "test" -PasswordList ".\pwlist.txt" -LockoutThreshold 5 -LockoutDuration 1800