Top tools for password-spraying attacks in active directory networks Complete Guide By Blackhat Pakistan 2023

Today we will learn about Top tools for password-spraying attacks in active directory networks.

Word imagining is principally an art form when this attempt is did on a large scale against a large group of users. word scattering attacks are part of this terrain, and they can be carried out in different situations, including active directory networks. In short, this attack attempts to authenticate into multitudinous user accounts using the same word. Because of this, marketable networks are constantly targeted, as carrying usernames from a company can be an easy task these days with the help of OSINT ways simply by using social networks analogous as LinkedIn or Facebook.

According to Microsoft, the three way to conduct a word- scattering attack are:

  • Develop a list of usernames jumping with a list [email protected]
  • Spray watchwords testing popular and common watchwords( 123456, word, and Winter21!). See the top, 000 watchwords.)
  • Gain access one of the tested attempts works, and the account can be abused to enumerate means in the advertisement network, exploit authenticated services and put the association at trouble.
Figure 1: Workflow where the password “Summer2016” was spread against an Active Directory network. The user “Glen” was a match, and privileged access over the corporate network was obtained.

Popular tools for password spraying attacks[Top tools for password-spraying attacks]:


MSOLSpray is a word scattering tool used against Microsoft Online accounts( Azure/ O365). In detail, the script logs if a user cred is valid, the MFA medium is enabled, if the user account does n’t live, is locked, or is bloodied.

This device can be applied with the following masteries:

Import-Module MSOLSpray.ps1Invoke-MSOLSpray -UserList .\userlist.txt -Password Winter2020



Ruler is a tool used to interact with Exchange servers. The main goal of the ruler is to abuse the client-side Outlook features, including performing password-guessing attacks and gaining remote privileges.



CrackMapExec, similarly called CME, is a tool that helps to automate the guard of big Active Directory nets. To perform word scattering attacks with CME, we can use the coming command:

#~ cme smb -u /path/to/users.txt -p Summer18

Other CME commands can be seen here



Talon is a tool created to execute word guessing attacks while remaining undetected. Talon can use a single sphere regulator or multiple bones
to perform these guessing attacks, randomizing each attempt between the sphere regulators and services( LDAP or Kerberos).

Talon can be used with the following command:

[email protected]:~# ./Talon -Hostfile DCs -Userfile ValidUsers -D STARLABS.local -P "Password!" --sleep 2



DomainPasswordSpray is a tool developed in PowerShell to perform a word spray attack. By dereliction, it’ll automatically induce the stoner list from the sphere.

Command to execute the script:

Invoke-DomainPasswordSpray -UserList .\users.txt -Password 123456 -Verbose


This is a collection of tools to list and attack tone- hosted Skype for Business and Microsoft Lync installations.

The tool can be executed with the following commands:

python enum -H -U usernamelist.txt -P passwordlist.txt -d CONTOSO -o CONTOSO_output.txtpython enum -H -U usernamelist.txt -p Winter2017 -d CONTOSO


Password spraying

Word scattering attacks are frequently the first test conducted to corroborate the security of a commercial network. As it’s easy to gain valid usernames from a target pot, culprits have abused this attack to get an original base over internal networks. Because of this, active defense is demanded, icing that weak and popular watchwords aren’t used by workers to put at threat the internal waiters.

Also Read:UEFI Boot vs. the MBR/VBR Boot Process-byBlackhat Pakistan 2023

On the other hand, setting account walkout programs after some failed attempts is also a good measure to alleviate the pitfalls. enforcing a CAPTCHA medium and the operation ofmulti-factor authentication can also limit the possibility of a well- succeeded attack.



Leave a Reply

Your email address will not be published. Required fields are marked *