Credential spraying with CrackMapExec - Safely

Credential spraying with CrackMapExec (safely)

Not too long ago I worked up an SMB credential spraying script using rpcclient. I haven’t really been using this much as I tend to favor byt3bl33d3r’s CrackMapExec when attacking SMB. On a recent engagement, I accidentally locked out a good number of Windows domain accounts during…

Continue Reading

Credential spraying SMB servers with rpcclient

Credential spraying SMB servers with rpcclient

I’ve been wanting an efficient way to credential spray SMB servers. I typically use byt3bl33d3r’s CrackMapExec when poking SMB servers but wanted a way to rotate single users over multiple passwords and then force the process to sleep for a while (for the sake of account lock-out).…

Continue Reading