Credential spraying with CrackMapExec (safely)

Not too long ago I worked up an SMB credential spraying script using rpcclient. I haven’t really been using this much as I tend to favor byt3bl33d3r’s CrackMapExec when attacking SMB. On a recent engagement, I accidentally locked out a good number of Windows domain accounts during…

Credential spraying SMB servers with rpcclient

I’ve been wanting an efficient way to credential spray SMB servers. I typically use byt3bl33d3r’s CrackMapExec when poking SMB servers but wanted a way to rotate single users over multiple passwords and then force the process to sleep for a while (for the sake of account lock-out).…

Recursive gobuster script

I was working on some automated tasks to include in my workflow and realized I wanted to use gobuster for launching dictionary-based enumeration on targets. I was currently using dirb for this but gobuster seems to be the faster tool to use. I fell behind on my…

Pulling web hosts from Nessus output

I hacked a Python script together to parse out web hosts (and their corresponding URLs) from Nessus XML output. I’m using this as part of my pentesting workflow to feed to other web-based tools like EyeWitness, Nikto, dirb, gobuster, etc. Feed it a single argument that points…

Enumerating hosts with nmap

This is a script I use to enumerate hosts with the nmap scanning tool. Feed it a host/IP and base directory (under which another directory will be created to store enumeration data). Something like: You can also find this in my Gists at GitHub at https://gist.github.com/ryan-wendel/2266751e23641ed0ff38fb7a2c3502cf The…
