Passwords/Password Cracking
RDPassSpray
RDPassSpray is a Python3 tool designed to perform password spraying attacks in a Microsoft domain environment.
Quickstart
git clone https://github.com/xFreed0m/RDPassSpray.git
pip3 install -r requirements.txtapt-get install python-aptapt-get install xfreerdp
Usage
$ python3 RDPassSpray.py -u [USERNAME] -p [PASSWORD] -d [DOMAIN] -t [TARGET IP]
Example
| Flag | Description |
|---|---|
| -p/-P | Single password/hash or file with passwords/hashes (one each line) |
| -t/-T | Single target or file with targets (one each line) |
| -u/-U | Single username or file with usernames (one each line) |
| --pth | Specify this if the supplied passwords are to be treated as hashes for Pass-The-Hash |
| -n | List of hostname to use when authenticating (more details below) |
| -o | Output file name (csv) |
| -s | Throttling time (in seconds) between attempts |
| -r | Random throttling time between attempts (based on user input for min and max values) |
Resources
John the Ripper
John the Ripper is a free password cracking software tool originally developed for the Unix operating system It is frequently used for password testing and breaking due to its ability to combine multiple password crackers into one package, automatically detect password hash types, and include a customizable cracker.
Username Generator
username_generator.py is a script built to create a list of usernames to be used in bruteforcing attacks.