S3cur3Th1sSh1t / WinPwn

Automation for internal Windows Penetrationtest / AD-Security
BSD 3-Clause "New" or "Revised" License
3.34k stars 518 forks source link

Unable to simulate Password Spraying attack as no text file is created under Exploitation folder #43

Closed IAMinZoho closed 2 years ago

IAMinZoho commented 2 years ago

Please check:

Capture21

I did see that WinPwn will ask the password to be sprayed in the code but I didn't get that option while executing the script. Please advise.

S3cur3Th1sSh1t commented 2 years ago

You did use the username==password check. Th this case it’s not asking for the password as that’s == the username.

The main menu also has a domain password spray option. And this asks for a password.

S3cur3Th1sSh1t commented 2 years ago

I think this should be straight forward to find but if you still have problems just ask

IAMinZoho commented 2 years ago

I got confused with the 3 different password spray options in the tool. Thanks to you I was able to solve the mystery and simulate it in all the 3 cases: with the user with a password blank; the same username & password; and with a custom password. Works perfectly!