Password Spraying

Install Sprayhound

sudo apt-get install libsasl2-dev python3-dev libldap2-dev libssl-dev
git clone https://github.com/Hackndo/sprayhound.git
cd sprayhound
sudo python3 -m pip install -r requirements.txt
sudo aptitude install libsasl2-dev python3-dev libldap2-dev libssl-dev

python3-dev is already installed at the requested version (3.9.2-3)
python3-dev is already installed at the requested version (3.9.2-3)
The following NEW packages will be installed:
  libldap2-dev{b} libsasl2-dev libssl-dev
The following packages will be upgraded:
  libssl1.1
1 packages upgraded, 3 newly installed, 0 to remove and 227 not upgraded.
Need to get 3,999 kB of archives. After unpacking 10.6 MB will be used.
The following packages have unmet dependencies:
 libldap2-dev : Depends: libldap-2.4-2 (= 2.4.57+dfsg-3+deb11u1) but 2.4.59+dfsg-1~bpo11+1 is installed
The following actions will resolve these dependencies:

     Keep the following packages at their current version:
1)     libldap2-dev [Not Installed]



Accept this solution? [Y/n/q/?] n
The following actions will resolve these dependencies:

     Downgrade the following packages:
1)     libldap-2.4-2 [2.4.59+dfsg-1~bpo11+1 (now, parrot-backports) -> 2.4.57+dfsg-3+deb11u1 (parrot, parrot-security)]



Accept this solution? [Y/n/q/?] y
The following packages will be DOWNGRADED:
  libldap-2.4-2
The following NEW packages will be installed:
  libldap2-dev libsasl2-dev libssl-dev
The following packages will be upgraded:
  libssl1.1



sudo python3 setup.py install

We could try sprayhound with a valid user to avoid locking account (option -t to set the number of try left)

We now got three couple of credentials

PreviousExploiting Username - ASREPRoastNextUser listing with GetADUsers and ldapsearch

Last updated