Password Spraying with PowerShell

September 20, 2023

Password spraying is a type of cyberattack used to gain unauthorized access to user accounts or computer systems. The attacker tries a small list of commonly used passwords against many usernames or accounts.

First, I am going to disable Defender by running the following from an Administrator PowerShell prompt:

From a command prompt, I'm going to go to the tools directory.

From this directory, I am going to generate 200 users on the system.

Now, I need to invoke PowerShell to be able to run LocalPasswordSpray. First, I am going to set the execution policy to unrestricted so that I can run any script that I want on the computer system. Then, I’m going to import the PowerShell module “LocalPasswordSpray”.

I am ready to try some password spraying against the local system. I am going to invoke my module and give it a password of winter 2020. Now, it’s going to dump all of the users on the computer system and then it’s going to attempt to authenticate as every single user with the password “winter 2020”:

I was able to find 6 users that used this password out of the list of 200 generated users.
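
What this run looks like from the defender's side, as an added example that is not part of the original post: one source failing a logon for many different accounts within minutes, with the few successes in the same window being the accounts to reset. The function name, the flattened event shape (Id, TimeCreated, TargetUserName, Source) and both thresholds are assumptions; 4625 and 4624 are the Windows Security event IDs for failed and successful logons.

```powershell
# Added example. Input is a simplified, hypothetical projection of Security events
# 4625 (failed logon) and 4624 (successful logon): Id, TimeCreated, TargetUserName, Source.
function Find-PasswordSpray {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $MinDistinctAccounts = 20,   # assumed threshold, tune per environment
        [int] $WindowMinutes = 10          # assumed window
    )
    $window = [TimeSpan]::FromMinutes($WindowMinutes)
    foreach ($group in ($Events | Group-Object Source)) {
        $failed = @($group.Group | Where-Object Id -eq 4625 | Sort-Object TimeCreated)
        $start = 0
        for ($end = 0; $end -lt $failed.Count; $end++) {
            # Shrink the window from the left until it spans at most $WindowMinutes.
            while (($failed[$end].TimeCreated - $failed[$start].TimeCreated) -gt $window) { $start++ }
            $distinct = @($failed[$start..$end].TargetUserName | Sort-Object -Unique)
            if ($distinct.Count -lt $MinDistinctAccounts) { continue }
            # Spray found: summarise everything this source did inside the window.
            $from = $failed[$start].TimeCreated
            $inWindow = @($group.Group | Where-Object {
                $_.TimeCreated -ge $from -and $_.TimeCreated -le ($from + $window) })
            [pscustomobject]@{
                Source            = $group.Name
                WindowStart       = $from
                FailedAccounts    = @($inWindow | Where-Object Id -eq 4625 |
                                        ForEach-Object TargetUserName | Sort-Object -Unique).Count
                # Successes in the same window are the accounts to reset first.
                SucceededAccounts = @($inWindow | Where-Object Id -eq 4624 |
                                        ForEach-Object TargetUserName | Sort-Object -Unique)
            }
            break   # one finding per source
        }
    }
}

# Constructed sample: 30 accounts tried once each within 30 seconds from WS01 (two succeed),
# plus one user on WS02 mistyping a password three times.
$t0 = Get-Date '2023-09-20T10:00:00'
$sample = @(1..30 | ForEach-Object {
    [pscustomobject]@{ Id = $(if ($_ -in 7, 19) { 4624 } else { 4625 })
                       TimeCreated = $t0.AddSeconds($_); TargetUserName = "user$_"; Source = 'WS01' }
}) + @(1..3 | ForEach-Object {
    [pscustomobject]@{ Id = 4625; TimeCreated = $t0.AddMinutes($_); TargetUserName = 'alice'; Source = 'WS02' }
})
Find-PasswordSpray -Events $sample | Format-List
```

Counting distinct accounts per source, rather than failures per account, is what catches a spray that tries each account only once and so stays under any per-account lockout threshold.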

