Password Spraying

21/01/2023

shuciran

Crackmapexec

While executing a Password Spraying attack with crackmapexec always run the --continue-on-success flag, sometimes there are some cases when two users can have the same password

  
crackmapexec winrm 10.10.10.248 -u users -p 'NewIntelligenceCorpUser9876' --continue-on-success

Examples: Intelligence

Kerbrute

Users file must be only the user not the domain (correct: ksimpson, incorrect: ksimpson@scrm.local)

  
kerbrute bruteuser --dc 10.10.11.168 -d scrm.local <users> <password>

12 Active Directory, AD - Enumeration

WebShells
FTP (tcp-21)
Reverse Shells
Finding GUID with ipainstaller
Plist Files

exploitation wireless file transfer hackthebox active directory scr windows privesc mobile linux enumeration linux privesc

Password Spraying

Crackmapexec

Kerbrute

PowerView Modules

ASREPRoast Attack

Responder