-->

SharpSpray - Active Directory Password Spraying Tool. Auto Fetches User List And Avoids Potential Lockouts


SharpSpray is a Windows domain password spraying tool written in .NET C#.


Introduction

SharpSpray is a C# port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active directory services.


Features
  • Can operate from inside and outside a domain context.
  • Exclude domain disabled accounts from the spraying.
  • Auto gathers domain users from the Active directory.
  • Avoid potential lockouts by excluding accounts within one attempt of locking out.
  • Avoid potential lockouts by auto-gathering domain lockout observation window settings.
  • Compatible with Domain Fine-Grained Password policies.
  • Custom LDAP filter for users, e.g. (description=admin)
  • Delay in seconds between each authentication attempt.
  • Jitter between each authentication attempt.
  • Support a single password or a list of passwords.
  • Single file Console Application.

Usage

Command Line Args
Username list file path. This will be automatically fetched from the active directory if not specified. -p A single password that will be used to perform the password spray. -k, --pl (Optional) Password List file path. -d (Optional) Specify a domain name. -m Use this option if spraying from a host located outside the Domain context. -q, --dc-ip Required when the option 'm' OutsideDomain is checked -x Attempts to exclude disabled accounts from the user list (Not supported with the option -m) -z Exclude accounts within 1 attempt of locking out (Not supported with the option -m) -f Custom LDAP filter for users, e.g. "(description=*admin*)" -o A file to output the results to. -w Do not relay on domain lockout observation window settings and use this specific value. (Default 32 minute) -s (Optional) Delay in seconds between each authentication attempt. -j (Optional) Jitter in seconds. --Force Force start without asking for confirmation. --get-users-list Get the domain users list from the active directory. --show-examples Get domain users list from the active directory. --show-args Show command line args --help Display this help screen. ">
> SharpSpray.exe --help  -v, --Verbose       Show verbose messages.  -u                  (Optional) Username list file path. This will be                      automatically fetched from the active directory if not specified.  -p                  A single password that will be used to perform the password spray.  -k, --pl            (Optional) Password List file path.  -d                  (Optional) Specify a domain name.  -m                  Use this option if spraying from a host located outside the Domain context.  -q, --dc-ip         Required when the option 'm' OutsideDomain is checked  -x                  Attempts to exclude disabled accounts                      from the user list (Not supported with the option -m)  -z                  Exclude accounts within 1 attempt of                      locking out (Not supported with the option -m)  -f                  Custom LDAP filter for users, e   .g. "(description=*admin*)"  -o                  A file to output the results to.  -w                  Do not relay on domain lockout observation window settings and use this specific value. (Default 32 minute)  -s                  (Optional) Delay in seconds between each authentication attempt.  -j                  (Optional) Jitter in seconds.  --Force             Force start without asking for confirmation.  --get-users-list    Get the domain users list from the active directory.  --show-examples     Get domain users list from the active directory.  --show-args         Show command line args  --help              Display this help screen.

Usage Examples
SharpSpray.exe -v -x -z --pl password.txtSharpSpray.exe -x -z -u users.txt --pl psswd.txtSharpSpray.exe -x -z -u users.txt -p Passw0rd!SharpSpray.exe -x -z -s 3 -j 1 -u users.txt -k psswd.txt -o sprayed.txtSharpSpray.exe -w 32 -m -d DC-1.local --dc-ip 10.10.20.20 -u users.txt --pl psswd.txtSharpSpray.exe -w 32 -s 3 -j 1 -m -d DC-1.local --dc-ip 10.10.20.20 -u users.txt --pl psswd.txtSharpSpray.exe --get-users-listSharpSpray.exe --get-users-list > users.txtPS> .\SharpSpray.exe --get-users-list | Out-File -Encoding ascii users.txt

Fetching only the users list from the Active Directory

The following command will fetch domain users and prints the list to the console.

SharpSpray.exe -x -z --get-users-list-x: Exclude disabled accounts from the user list.-z: Exclude accounts within 1 attempt of locking out.

Meta

SharpSpray | Active Directory Password Spraying Tool



Disqus Comments