Secondary Categories: 02-Initial Access, 02-Lateral Movement
This section contains some of my emthodology and tips for performing password spraying attacks from an external attackers prespective.
There are a lot of great open source tools out there to do this. I suggest using TREVORspray.
Using this tool you can use a round-robin cycle through multiple different SSH sessions, uses multiple modules/methods to spray, spoof the User-Agent, set delay/jitter.
For a list of Common Password please refer to: Common Password List
Also Check Out:
- PLACEHOLDER