Password Spraying
How to password spray.
Password list creation
Before you begin spraying passwords to the email addresses you may have collated using methods shown in Email Address Discovery. You will need a good quality password list. Here's some things that you can use to create your password list:
Use variations of the organisation name + special characters + the current year
Cred Master
A password spraying tool that uses FireProx to rotate IP addresses, stay anonymous, and beat throttling. CredMaster is perfect for attempting to login to the following services:
OWA - Outlook Web Access
--plugin owa
EWS - Exchange Web Services
--plugin ews
O365 - Office365 - DEPRECATED
plugin removed
ADFS - Active Directory Federation Services
--plugin adfs
O365Enum - Office365 User Enum (No Authentication Request)
--plugin o365enum
MSOL - Microsoft Online
--plugin msol
MSGraph - MSGraph Module, msgraph spray point for azure and MSOL credentials
--plugin msgraph
AzureSSO - Azure AD Seamless SSO Endpoint
--plugin azuresso
AzVault - AzVault Module, Azure spray point different to MSOL/AzureSSO
--plugin azvault
Okta - Okta Authentication Portal
--plugin okta
FortinetVPN - Fortinet VPN Client
--plugin fortinetvpn
HTTPBrute - Generic HTTP Brute Methods (Basic/Digest/NTLM)
--plugin httpbrute
GMailEnum - GSuite/Gmail enumeration
--plugin gmailenum
python3 credmaster.py --access_key <a_key> --secret_access_key <sec_key> --plugin msol -u email.txt -p passwords.txt -a useragents.txt -t 5 -j 20 -d 30 --passwordsperdelay 2
Last updated