Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/xfreed0m/rdpassspray

Python3 tool to perform password spraying using RDP
https://github.com/xfreed0m/rdpassspray

password-spray passwordspraying pentest-tool pentesting rdp stealth

Last synced: 11 days ago
JSON representation

Python3 tool to perform password spraying using RDP

Host: GitHub
URL: https://github.com/xfreed0m/rdpassspray
Owner: xFreed0m
License: gpl-3.0
Created: 2019-06-05T17:10:42.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2023-08-17T15:09:50.000Z (about 1 year ago)
Last Synced: 2024-08-01T09:26:00.241Z (3 months ago)
Topics: password-spray, passwordspraying, pentest-tool, pentesting, rdp, stealth
Language: Python
Size: 145 KB
Stars: 626
Watchers: 20
Forks: 241
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# RDPassSpray

RDPassSpary is a python tool to perform password spray attack in a Microsoft domain environment.
ALWAYS VERIFY THE LOCKOUT POLICY TO PREVENT LOCKING USERS.

## How to use it
First, install the needed dependencies:
```
pip3 install -r requirements.txt
```
Second, make sure you have xfreerdp:
```
apt-get install python-apt
apt-get install xfreerdp
````
Last, run the tool with the needed flags:
```
python3 RDPassSpray.py -u [USERNAME] -p [PASSWORD] -d [DOMAIN] -t [TARGET IP]
```

## Options to consider
* -p\\-P
* single password/hash or file with passwords/hashes (one each line)
* -t\\-T
* single target or file with targets (one each line)
* -u\\-U
* single username or file with usernames (one each line)
* --pth
* specify this if the supplied passwords are to be treated as hashes for Pass-The-Hash
* -n
* list of hostname to use when authenticating (more details below)
* -o
* output file name (csv)
* -s
* throttling time (in seconds) between attempts
* -r
* random throttling time between attempts (based on user input for min and max values)

## Advantages for this technique
Failed authentication attempts will produce event ID 4625 ("An account failed to log on") BUT:
* the event won't have the source ip of the attacking machine:
![No source IP](https://github.com/xFreed0m/RDPassSpray/blob/master/no_src_ip.png)
* The event will record the hostname provided to the tool:
![Fake hostname](https://github.com/xFreed0m/RDPassSpray/raw/master/fake_hostname.png)

### Tested OS
Currently was test on Kali Rolling against Windows Server 2012 Domain Controller
I didn't had a full logged environment for deeper testing, if you have one, please let me know how it looks on other systems.

### Sample
![sample](https://github.com/xFreed0m/RDPassSpray/blob/master/sample.png)

### Credit
This tools is based on the POC made by @dafthack - https://github.com/dafthack/RDPSpray

### Issues, bugs and other code-issues
Yeah, I know, this code isn't the best. I'm fine with it as I'm not a developer and this is part of my learning process.
If there is an option to do some of it better, please, let me know.

_Not how many, but where._