tw1sm / spraycharles Goto Github PK
View Code? Open in Web Editor NEWLow and slow password spraying tool, designed to spray on an interval over a long period of time
License: BSD 3-Clause "New" or "Revised" License
Low and slow password spraying tool, designed to spray on an interval over a long period of time
License: BSD 3-Clause "New" or "Revised" License
make_list.py
only checks the current working directory for list_elements.json
. Need to add a quick check for the file in cwd and utils/
so that it can be run from the main spraycharles folder as the README shows.
Hey there, awesome project! Really looking to integrate this into my workflow and was hoping you might be able to help implement a couple of features. Problems:
It would be awesome if we could implement the following to solve both problems:
analyze.Analyzer(csvfile)
operation on line 200 in spraycharles every time a spray is complete as opposed to once all passwords are attempted. This could be something that is only done if a flag is added to our original command etcIn the near future, I hope to add an NTLM password spraying module and some notification functionality to spraycharles. I look forward to your response! Nice work!
Periodically I'll come across a target where spraycharles will consistently crash with a timeout error and even setting the timeout to something crazy high like 3600 doesn't seem to make a difference. I generally use spraycharles for spraying against NTLM logins and this is where I have experienced this the most.
Here is an example of the error that is shown when it crashes (although this is from spraying against smb, which I know timeout has no effect on):
Traceback (most recent call last):
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/impacket/nmb.py", line 902, in _setup_connection
sock.connect(sa)
TimeoutError: timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/user/.local/bin/spraycharles", line 8, in <module>
sys.exit(cli())
^^^^^
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/click/core.py", line 1157, in __call__
return self.main(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/click/core.py", line 1078, in main
rv = self.invoke(ctx)
^^^^^^^^^^^^^^^^
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/click/core.py", line 1688, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/click/core.py", line 1434, in invoke
return ctx.invoke(self.callback, **ctx.params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/click/core.py", line 783, in invoke
return __callback(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/spraycharles/spraycharles.py", line 716, in spray
spraycharles.spray()
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/spraycharles/spraycharles.py", line 454, in spray
self._login(username, password)
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/spraycharles/spraycharles.py", line 377, in _login
response = self.target.login(username, password)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/spraycharles/targets/Smb.py", line 70, in login
self.conn = SMBConnection(self.host, self.host, None, 445)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/impacket/smbconnection.py", line 80, in __init__
self.negotiateSession(preferredDialect)
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/impacket/smbconnection.py", line 120, in negotiateSession
packet = self.negotiateSessionWildcard(self._myName, self._remoteName, self._remoteHost, self._sess_port,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/impacket/smbconnection.py", line 169, in negotiateSessionWildcard
self._nmbSession = nmb.NetBIOSTCPSession(myName, remoteName, remoteHost, nmb.TYPE_SERVER, sess_port,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/impacket/nmb.py", line 893, in __init__
NetBIOSSession.__init__(self, myname, remote_name, remote_host, remote_type=remote_type, sess_port=sess_port,
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/impacket/nmb.py", line 753, in __init__
self._sock = self._setup_connection((remote_host, sess_port), timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/impacket/nmb.py", line 905, in _setup_connection
raise socket.error("Connection error (%s:%s)" % (peer[0], peer[1]), e)
OSError: [Errno Connection error (target:445)] timed out
Thanks in advance for any help you may offer. I think spraycharles is great and really appreciate the work that has gone into making it such a good tool.
So normally I would fix this myself, but I can't for the life of me figure out how I would following the refactor so far. (Classes still confuse me sometimes!) When using the Adfs.py module, BaseHTTPTarget.py is throwing an error when trying to print the login attempt to console:
print(
"%-35s %-17s %13s %15s"
% (self.data["username"], self.data["password"], code, length)
)
KeyError thrown is shown in the screenshot below:
I think it may be due to the required casing for the username and password variables used in the ADFS module:
self.data = {
"UserName": "",
"Password": "",
"AuthMethod": "FormsAuthentication",
}
def set_username(self, username):
self.data["UserName"] = username
def set_password(self, password):
self.data["Password"] = password
If I were to modify the the username and password variable in the code snippet above, the module runs but the app throws 500 responses instead of the expected 200.
Looking at browser login requests to a valid ADFS portal shows that the UserName/Password casing is required for successful login so we can't simply modify the POST variables:
Let me know your thoughts. Thanks!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.