I recently came across a network penetration test that taught me how to perform password spraying. As usual I began my reconnaissance with nmap on the target machine and part of the nmap results I found that port 445 was open which runs SMB. I enumerated smb using enum4linux and found bunch of username’s and a password.

After that I tried to login using a tool called evilwinrm but it failed which meant that the password wasn’t for that account. My solution to this was try and do password spraying.

Password spraying is a type of brute force attack where a hacker tries to gain access to an organization’s system by testing out a number of commonly used passwords on a large number of accounts. For this I used a tool called crackmapexec.

To install crackmapexec just type in the following code root@kali:- apt-get install -y. After installing just type crackmapexec –help to get the options

After Installing the tool the next step was to perform the bruteforce on the accounts based on the accounts that I had found initially from enum4linux. I had saved the usernames on a txt file which made it more easier to execute the attack. The following was the command that I used

Crackmapexec smb -u usernames -p Welcome123!

When the tool finished I realized the password Welcome123! was for the account melanie and not marko as enum4linux suggested.

When I used evilwinrm I managed to login to the target pc successfully.





Download Password Spraying


Leave a Reply

Your email address will not be published. Required fields are marked *