You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The title is a presumption of what the issue is based on my results below. It appears that when you have a password file, and a password within that file contains spaces, it does not return proper results (false negative).
In this sample, I'm using a PasswordList containing a single line, "a soapsud Touts the climber3". Note that there is no success message.
PS C:\Users\USER\Desktop\DomainPasswordSpray-master> Invoke-DomainPasswordSpray -UserList C:\Users\USER\Desktop\single_user.txt -PasswordList C:\Users\USER\Desktop\single_pass.txt -OutFile C:\Users\USER\Desktop\results.txt -Debug
[*] Using C:\Users\USER\Desktop\single_user.txt as userlist to spray with
[*] Warning: Users will not be checked for lockout threshold.
[*] The domain password policy observation window is set to 30 minutes.
[*] Setting a 30 minute wait in between sprays.
Confirm Password Spray
Are you sure you want to perform a password spray against 1 accounts?
[Y] Yes [N] No [?] Help (default is "Y"): y
[*] Password spraying has begun with 1 passwords
[*] This might take a while depending on the total number of users
[*] Now trying password " against 1 users. Current time is 11:36 AM
[*] Writing successes to C:\Users\USER\Desktop\results.txt
[*] Password spraying is complete
[*] Any passwords that were successfully sprayed have been output to C:\Users\USER\Desktop\results.txt
In this sample, I've tried the same user and same password, but now I'm using the password in-line and enclosed in quotes. This time there is a success message.
PS C:\Users\USER\Desktop\DomainPasswordSpray-master> Invoke-DomainPasswordSpray -UserList C:\Users\USER\Desktop\single_user.txt -Password "a soapsud Touts the climber3" -OutFile C:\Users\USER\Desktop\results.txt
[*] Using C:\Users\USER\Desktop\single_user.txt as userlist to spray with
[*] Warning: Users will not be checked for lockout threshold.
[*] The domain password policy observation window is set to 30 minutes.
[*] Setting a 30 minute wait in between sprays.
Confirm Password Spray
Are you sure you want to perform a password spray against 1 accounts?
[Y] Yes [N] No [?] Help (default is "Y"): y
[*] Password spraying has begun with 1 passwords
[*] This might take a while depending on the total number of users
[*] Now trying password a soapsud Touts the climber3 against 1 users. Current time is 11:37 AM
[*] Writing successes to C:\Users\USER\Desktop\results.txt
[*] SUCCESS! User:USER Password:a soapsud Touts the climber3
[*] Password spraying is complete
[*] Any passwords that were successfully sprayed have been output to C:\Users\USER\Desktop\results.txt
The text was updated successfully, but these errors were encountered:
The title is a presumption of what the issue is based on my results below. It appears that when you have a password file, and a password within that file contains spaces, it does not return proper results (false negative).
In this sample, I'm using a PasswordList containing a single line, "a soapsud Touts the climber3". Note that there is no success message.
In this sample, I've tried the same user and same password, but now I'm using the password in-line and enclosed in quotes. This time there is a success message.
The text was updated successfully, but these errors were encountered: