S3cur3Th1sSh1t
commented
3 years ago Hi,
Collect general domain information doen't open up the domainpasswordspray function:
I could, however remove this check. because a userlist is generated anyway via PowerView afterwards.
Greetings
sp00ks-git
Hi, The option "1. Collect general domain information" is quite misleading as it goes on to start a password spray. It would be better if these were two different options. as Just gathering information about the domain is really important without needing to act upon the results directly. Also in large organisations this would hang for 30 minutes+ in my experience trying to get the user list up and ready. (40k Users AD)