🥷
Active directory

SharpSpray

SharpSpray is a.NET C# password-spraying programme for Windows domains. It is a modified version of DomainPasswordSpray that was ported to C#. The utility communicates with ActiveDirectory services using the LDAP protocol.

Tool Source

SharpSpray is a password spraying tool designed for Windows domains, and it is written in .NET C#. It is essentially a C# port of DomainPasswordSpray with additional capabilities. This tool utilizes the LDAP protocol to communicate with Active Directory services, making it a versatile resource for assessing password security within Windows domains.

Features

  • Operates     from both inside and outside a domain context.
  • Excludes     disabled accounts from the spraying process.
  • Automatically     gathers domain users from the Active Directory.
  • Avoids     potential lockouts by excluding accounts within one attempt of locking     out.
  • Auto-gathers     domain lockout observation window settings.
  • Compatible     with Domain Fine-Grained Password policies.
  • Supports     custom LDAP filters for users (e.g., (description=admin)).
  • Allows     specifying a single password or a list of passwords.
  • Single     file Console Application.

Usage

Command Line Args:

·        -v, --Verbose: Show verbose messages.

·        -u: (Optional) Username list file path.Automatically fetched from the Active Directory if not specified.

·        -p: A single password or a list split by '|' forpassword spraying.

·        -k, --pl: (Optional) Password List file path.

·        -d: (Optional) Specify a domain name.

·        -m: Use this option if spraying from a hostlocated outside the Domain context.

·        -q, --dc-ip: Required when the option 'm'(OutsideDomain) is checked.

·        -x: Attempts to exclude disabled accounts fromthe user list (Not supported with the option -m).

·        -z: Exclude accounts within 1 attempt of lockingout (Not supported with the option -m).

·        -f: Custom LDAP filter for users, e.g.,"(description=admin)".

·        -o: A file to output the results to.

·        -w: Do not rely on domain lockout observationwindow settings; use this specific value. (Default 32 minutes)

·        -s: (Optional) Delay in seconds between eachauthentication attempt.

·        -j: (Optional) Jitter in seconds.

·        --Force: Force start without asking forconfirmation.

·        --get-users-list: Get the domain users list fromthe Active Directory.

·        --show-examples: Show usage examples.

·        --show-args: Show command line args.

·        --help: Display help.

Usage Examples

# Outside domain context

Using in Cobalt Strike:

Fetching Only the Users List from the Active Directory:

The following command will fetch domain users and print thelist to the console.

-x: Exclude disabled accounts from the user list.

-z: Exclude accounts within 1 attempt of locking out.

Table of Contents:

Navigation

HomeTools

Services by CQR

Penetration Testing
Social Engineering
OSINT Recon
Vulnerability Assessment
Automotive Penetration Testing
DevSecOps
Smart Contract Audit
Incident Response
SOC Services
Risk Assessment
API Penetration Testing
Active Directory Audit
Fuzz Testing
Security Code Review
NOC Service
Forensics
Reverse Engineering

Related Posts

OSINT Recon: what is open source inteligence

October 2, 2023

Explore Tools Categories

🔎

Osint

🎩

Brute-force

🥷

Active directory

📵

Wireless security

🌩️

Cloud Security

🧩

Network assessment

🕸️

Web vulnerability detection

📝

Information Gathering Tools

📶

Wireless Attacks

💫

Vulnerability Analysis

⚗️

Forensics Tools

⚠️

Stress Testing

👓

Sniffing & Spoofing

Tools