Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Passwords containing spaces don't work in password file #15

Open
BeanBagKing opened this issue Sep 27, 2019 · 0 comments
Open

Passwords containing spaces don't work in password file #15

BeanBagKing opened this issue Sep 27, 2019 · 0 comments

Comments

@BeanBagKing
Copy link
Contributor

The title is a presumption of what the issue is based on my results below. It appears that when you have a password file, and a password within that file contains spaces, it does not return proper results (false negative).

In this sample, I'm using a PasswordList containing a single line, "a soapsud Touts the climber3". Note that there is no success message.

PS C:\Users\USER\Desktop\DomainPasswordSpray-master> Invoke-DomainPasswordSpray -UserList C:\Users\USER\Desktop\single_user.txt -PasswordList C:\Users\USER\Desktop\single_pass.txt -OutFile C:\Users\USER\Desktop\results.txt -Debug
[*] Using C:\Users\USER\Desktop\single_user.txt as userlist to spray with
[*] Warning: Users will not be checked for lockout threshold.
[*] The domain password policy observation window is set to 30 minutes.
[*] Setting a 30 minute wait in between sprays.

Confirm Password Spray
Are you sure you want to perform a password spray against 1 accounts?
[Y] Yes  [N] No  [?] Help (default is "Y"): y
[*] Password spraying has begun with  1  passwords
[*] This might take a while depending on the total number of users
[*] Now trying password " against 1 users. Current time is 11:36 AM
[*] Writing successes to C:\Users\USER\Desktop\results.txt
[*] Password spraying is complete
[*] Any passwords that were successfully sprayed have been output to C:\Users\USER\Desktop\results.txt

In this sample, I've tried the same user and same password, but now I'm using the password in-line and enclosed in quotes. This time there is a success message.

PS C:\Users\USER\Desktop\DomainPasswordSpray-master> Invoke-DomainPasswordSpray -UserList C:\Users\USER\Desktop\single_user.txt -Password "a soapsud Touts the climber3" -OutFile C:\Users\USER\Desktop\results.txt
[*] Using C:\Users\USER\Desktop\single_user.txt as userlist to spray with
[*] Warning: Users will not be checked for lockout threshold.
[*] The domain password policy observation window is set to 30 minutes.
[*] Setting a 30 minute wait in between sprays.

Confirm Password Spray
Are you sure you want to perform a password spray against 1 accounts?
[Y] Yes  [N] No  [?] Help (default is "Y"): y
[*] Password spraying has begun with  1  passwords
[*] This might take a while depending on the total number of users
[*] Now trying password a soapsud Touts the climber3 against 1 users. Current time is 11:37 AM
[*] Writing successes to C:\Users\USER\Desktop\results.txt
[*] SUCCESS! User:USER Password:a soapsud Touts the climber3
[*] Password spraying is complete
[*] Any passwords that were successfully sprayed have been output to C:\Users\USER\Desktop\results.txt
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant