From the course: Penetration Testing Essential Training
Join today to access over 25,600 courses taught by industry experts.
Password spraying Active Directory - Linux Tutorial
From the course: Penetration Testing Essential Training
Password spraying Active Directory
- [Instructor] A common way to retrieve credentials from Active Directory is to spray all accessible accounts with a guessed or known password or a list of passwords. There's a number of tools we can use to do this. Let's have a look at the DomainPasswordSpray PowerShell script from dafthack. I've downloaded the DomainPasswordSpray script from the GitHub site onto my domain workstation, and I'm logged in as the domain user, Sam Spade. I can now import the script and run it in PowerShell. Import Module DomainPasswordSpray.ps1. We can run the password spray with just a single password that we've guessed or with a file of passwords. For this demonstration, we'll just use a single password. Invoke Domain PasswordSpray -Password, and we'll guess the password for the accounts might be kittykat. We're getting a few warnings, but we can ignore them for the purposes of the demonstration. And we run the spray and we find that user achtar is using kittykat as the account password. Given that…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.