Spray
The spray module provides different password spraying techniques. PsMapExec takes into account the default domain policy's account lockout threshold to prevent user account lockouts. However, it does not consider fine-grained password policies. It's advisable to assess whether such policies are in place within the environment to avoid potentially locking out a significant number of user accounts.
Usage
Targets
When using the Spray method -Targets
parameter can be provided. Specifying "all" we spray all enabled user accounts in the domain. Otherwise, any other value will be treated as a group name. When -Targets
is omitted, PsMapExec will spray all enabled active directory accounts.
Hash
Hash authentication supports RC4/NT, NTLM and AES256 hashes
Password
AccountAsPasswords
Sets the password to the username value. This switch will also attempt to authenticate as computer accounts to identify any that might be current or legacy Pre-Windows 2000 Compatible Computers.
EmptyPassword
Authentication attempts are performed with empty password values.
SuccessOnly
Displays only successful authentication attempts.
Last updated