From the course: Advanced Pen Testing Techniques for Active Directory
Password spraying Active Directory - Active Directory Tutorial
A common way to retrieve credentials from Active Directory is to spray all accessible accounts with a guessed or known password or a list of passwords. There are a number of tools we can use to do this. Let's have a look at the DomainPasswordSpray PowerShell script from Dafthack.

I've downloaded the DomainPasswordSpray script from the GitHub site onto my domain workstation and I'm logged in as the domain user Sam Spade. I can now import the script and run it in PowerShell. We'll get a few warnings, but we can ignore them for the purposes of the course. Import-Module, and I've got that loaded at c:/tools/dafthack/DomainPasswordSpray.ps1.

Okay, now let's try it with a password guess. Invoke-DomainPasswordSpray -Password and we'll try the password kitty-kat on all our accounts. And yes, we want to spray that. And we find akatt42 is using this password. We can also run against a dictionary file, but this takes a while.…