Attacking Active Directory | Password Spraying
Vložit
- čas přidán 2. 09. 2020
- If you've watched my previous videos, you'll know that I came across a huge list of compromised accounts. I was shocked to see just how many of those accounts were using basic passwords, so I decided to show you the power of Password Spraying when basic passwords are in use within your environment. Please consider sharing with a friend, hitting the like button, and subscribing!
Disclaimer: This content is intended to be consumed by cyber security professionals, ethical hackers, and penetration testers. Any attacks performed in this video should only be performed in environments that you control or have explicit permission to perform them on.
Tool featured in this video: github.com/Greenwolf/Spray
👇 SUBSCRIBE TO INFINITELOGINS CZcams CHANNEL NOW 👇
czcams.com/users/infinitelog...
___________________________________________
Social Media:
Website: infinitelogins.com/
Twitter: / infinitelogins
Twitch: / infinitelogins
___________________________________________
Donations and Support:
Like my content? Please consider supporting me on Patreon:
/ infinitelogins
Purchase a VPN Using my Affiliate Link
www.privateinternetaccess.com...
___________________________________________
Tags:
#PasswordSpraying #StrongPasswords #CyberSecurity - Věda a technologie
Good work, want to see setup python on windows from scratch and how to run scripts from it as most of the hacking related scripts are based on python and not every one knows Linux.
Thanks for the idea!
Hi Sir your video was very but i cant get out in this error
pray 2.1 the Password Sprayer by Jacob Wilkin(Greenwolf)
Spraying with password: Users Username
Cannot connect to server. Error was NT_STATUS_LOGON_FAILURE
Cannot connect to server. Error was NT_STATUS_LOGON_FAILURE
Cannot connect to server. Error was NT_STATUS_LOGON_FAILURE
Cannot connect to server. Error was NT_STATUS_LOGON_FAILURE
maybe you can help me with this, i been searching in the internet i cant find any solution. I was able to ping my domain IP. Thank you
Does anyone know what type of log entries are generated for this type of attack.. 4624 ?
Great question! Assuming you're in a domain environment, you'll want to make sure you have a GPO setup to "Audit Logon Events" for success and failures. Once that is in place, I believe the event IDs you need to monitor for are below, but you'll want to test and verify this.
Pre Server 2008:
Logon Success: Event ID 528
Logon Failure: Event ID 529 - 537
Account Lockout: Event ID 539
Server 2008 and Newer:
Logon Success: Event ID 4624
Logon Failure: Event ID 4625
@@InfiniteLogins Thank you, that is really helpful !