Active Directory Password Spraying
Install Sprayhound
Run (Unauthenticated)
Be careful not to lockout accounts! Unauthenticated has no checks for bad password count!
Run (Authenticated)
-t 2
is used to stop the guessing when you are two attempts away from the lockout
Note that the lockout count will only reset with a valid login even if there is a rule allow more failed attempts after a certain amount of time. Therefore, this doesn't allow you to spay at max frequency.
Last updated