RDP Thief Master With API Hooking
RDP Thief Master With API Hooking
RDPassSpray
RDPassSpary is a python tool to perform password spray attack in a Microsoft domain environment. ALWAYS VERIFY THE LOCKOUT POLICY TO PREVENT LOCKING USERS.
How to use it
First, install the needed dependencies:
pip3 install -r requirements.txt
Second, make sure you have xfreerdp:
apt-get install python-apt
apt-get install xfreerdp
Last, run the tool with the needed flags:
python3 RDPassSpray.py -u [USERNAME] -p [PASSWORD] -d [DOMAIN] -t [TARGET IP]
Options to consider
-p\-P
single password/hash or file with passwords/hashes (one each line)
-t\-T
single target or file with targets (one each line)
-u\-U
single username or file with usernames (one each line)
--pth
specify this if the supplied passwords are to be treated as hashes for Pass-The-Hash
-n
list of hostname to use when authenticating (more details below)
-o
output file name (csv)
-s
throttling time (in seconds) between attempts
-r
random throttling time between attempts (based on user input for min and max values)
Advantages for this technique
Failed authentication attempts will produce event ID 4625 ("An account failed to log on") BUT:
the event won't have the source ip of the attacking machine:
Download Link
Download Link
[/center]