Secondary Categories: 02-Initial Access, 02-Lateral Movement

This section contains some of my emthodology and tips for performing password spraying attacks from an external attackers prespective.

There are a lot of great open source tools out there to do this. I suggest using TREVORspray.

Using this tool you can use a round-robin cycle through multiple different SSH sessions, uses multiple modules/methods to spray, spoof the User-Agent, set delay/jitter.

For a list of Common Password please refer to: Common Password List

Also Check Out:

  • PLACEHOLDER