I recently came across a network penetration test that taught me how to perform password spraying. As usual, I began my reconnaissance with nmap on the target machine, and in the nmap results I found that port 445, which runs SMB, was open. I enumerated SMB using enum4linux and found a bunch of usernames and a password.

After that I tried to log in using a tool called evil-winrm, but it failed, which meant that the password wasn’t for that account. My solution to this was to try password spraying.

Password spraying is a type of brute-force attack where a hacker tries to gain access to an organization’s system by testing out a number of commonly used passwords on a large number of accounts. For this I used a tool called crackmapexec.

To install crackmapexec, just type in the following command:

root@kali:~# apt-get install -y crackmapexec

After installing, just type crackmapexec --help to get the options.

After installing the tool, the next step was to perform the brute force on the accounts that I had found initially from enum4linux. I had saved the usernames in a txt file, which made it easier to execute the attack. The following was the command that I used:

crackmapexec smb -u usernames -p Welcome123!

When the tool finished, I realized the password Welcome123! was for the account melanie and not marko, as enum4linux suggested.

When I used evil-winrm, I managed to log in to the target PC successfully.
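Seen from the defending side, the spray described above is one source failing to log on to many different accounts within a short window, followed by a success. The following is an added example, not part of the original post, that flags that pattern in logon records; the record layout, thresholds, IP addresses and the accounts user01 to user04 are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, source IP, account, logon succeeded).
# Shaped like Windows failed/successful logon events (4625/4624); not real data.
# "marko" and "melanie" come from the post; user01..user04 are made up.
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:01", "10.0.0.50", "marko", False),
    ("2024-01-10T09:00:02", "10.0.0.50", "user01", False),
    ("2024-01-10T09:00:03", "10.0.0.50", "user02", False),
    ("2024-01-10T09:00:04", "10.0.0.50", "user03", False),
    ("2024-01-10T09:00:05", "10.0.0.50", "melanie", True),
    # One user mistyping a password: repeated failures, but a single account.
    ("2024-01-10T09:10:00", "10.0.0.77", "user04", False),
    ("2024-01-10T09:10:20", "10.0.0.77", "user04", False),
    ("2024-01-10T09:10:40", "10.0.0.77", "user04", True),
]

def detect_spray(events, window=timedelta(minutes=5), min_accounts=4):
    """Return {source: accounts} for sources whose failed logons hit at least
    min_accounts distinct accounts inside one sliding time window."""
    by_source = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            by_source[src].append((datetime.fromisoformat(ts), user))
    flagged = {}
    for src, fails in by_source.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Shrink the window from the left until it spans <= `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            accounts = {u for _, u in fails[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged[src] = sorted(set(flagged.get(src, [])) | accounts)
    return flagged

def compromised_accounts(events, flagged):
    """Accounts that logged on successfully from a flagged source."""
    return sorted({u for _, s, u, ok in events if ok and s in flagged})

if __name__ == "__main__":
    hits = detect_spray(SAMPLE_EVENTS)
    print("spray sources:", hits)
    print("accounts to reset:", compromised_accounts(SAMPLE_EVENTS, hits))
```

Counting distinct accounts per source, rather than failures per account, is what separates a spray from a user mistyping a password, and it is also why per-account lockout thresholds alone do not catch it.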





