Password Spraying

How to password spray.

Password list creation

Before you begin spraying passwords to the email addresses you may have collated using methods shown in Email Address Discovery. You will need a good quality password list. Here's some things that you can use to create your password list:

Use http://weakpasswords.net/
Use variations of the organisation name + special characters + the current year

Cred Master

A password spraying tool that uses FireProx to rotate IP addresses, stay anonymous, and beat throttling. CredMaster is perfect for attempting to login to the following services:

OWA - Outlook Web Access
--plugin owa

EWS - Exchange Web Services
--plugin ews

O365 - Office365 - DEPRECATED
plugin removed

ADFS - Active Directory Federation Services
--plugin adfs

O365Enum - Office365 User Enum (No Authentication Request)
--plugin o365enum

MSOL - Microsoft Online
--plugin msol

MSGraph - MSGraph Module, msgraph spray point for azure and MSOL credentials
--plugin msgraph

AzureSSO - Azure AD Seamless SSO Endpoint
--plugin azuresso

AzVault - AzVault Module, Azure spray point different to MSOL/AzureSSO
--plugin azvault

Okta - Okta Authentication Portal
--plugin okta

FortinetVPN - Fortinet VPN Client
--plugin fortinetvpn

HTTPBrute - Generic HTTP Brute Methods (Basic/Digest/NTLM)
--plugin httpbrute

GMailEnum - GSuite/Gmail enumeration
--plugin gmailenum

https://github.com/knavesec/CredMaster

python3 credmaster.py --access_key <a_key> --secret_access_key <sec_key> --plugin msol -u email.txt -p passwords.txt -a useragents.txt -t 5 -j 20 -d 30 --passwordsperdelay 2

PreviousExploitation NextVulnerability Scanning

Last updated 5 months ago