Spray is a specialized password spraying tool developed by Jacob Wilkin (Greenwolf). This tool is designed for conducting password spraying attacks on Active Directory credentials. It offers a flexible and powerful approach to testing the security of various services by attempting a single password against multiple usernames, making it valuable for assessing the strength of password policies and identifying potential security vulnerabilities in an Active Directory environment.
Installation
The prerequisites for Spray are:
- rpcclient
- curl
On Kali Linux, these requirements come preinstalled. Onother systems or macOS, ensure that curl and rpcclient areinstalled using apt-get or brew, respectively.
How to Use
Spray supports password spraying attacks on variousservices. Below are examples for different scenarios:
SMB
To password spray an SMB portal:
Example:
Optional:Skip Username%Username Spray
OWA
To password spray an OWA portal:
Example:
Lync
To password spray a Lync service:
Example:
CISCO Web VPN
To password spray a CISCO Web VPN service:
Example:
OpenVPN Web Portal
To password spray an OpenVPN web portal:
Example:
Password List Update
To update the supplied password list to the current year:
Example:
Optional: Provide a company name to add to the list
Example:
Username Generation
To generate a username list from common names:
Example:
Example:
Additional Information
- Author: Jacob Wilkin - Research and Development - Trustwave SpiderLabs
- License: GNU General Public License (GPL), version 3
