
tw1sm / spraycharles


Low and slow password spraying tool, designed to spray on an interval over a long period of time

License: BSD 3-Clause "New" or "Revised" License

Python 99.71% Dockerfile 0.29%
spraying password-spraying password-guessing
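
For defenders, the project description above ("low and slow", one attempt per account on an interval) explains why per-account lockout thresholds do not fire on this traffic, while a per-source count of distinct failing accounts over a long window does. The following is an added example, not code from the spraycharles project; the event tuple layout, thresholds, function names and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (documentation IP ranges, made-up usernames).
T0 = datetime(2024, 1, 1, 8, 0)
USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
EVENTS = [  # (time, source_ip, username, success)
    (T0 + timedelta(hours=2 * rnd, seconds=5 * i), "203.0.113.10", u, False)
    for rnd in range(4) for i, u in enumerate(USERS)
]
# One user mistyping a password three times in a row from another address.
EVENTS += [(T0 + timedelta(minutes=m), "198.51.100.7", "grace", False) for m in range(3)]
EVENTS.sort()

def per_account_burst(events, window=timedelta(minutes=30), threshold=3):
    """Lockout-style rule: accounts with >= threshold failures inside one window."""
    fails = defaultdict(list)
    for ts, _src, user, ok in events:
        if not ok:
            fails[user].append(ts)
    flagged = set()
    for user, times in fails.items():
        for i, start in enumerate(times):
            if sum(1 for t in times[i:] if t - start <= window) >= threshold:
                flagged.add(user)
                break
    return flagged

def spray_sources(events, window=timedelta(hours=24), min_accounts=5):
    """Sources whose failures span many distinct accounts within a long window."""
    by_src = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            by_src[src].append((ts, user))
    suspects = {}
    for src, rows in by_src.items():
        for i, (start, _) in enumerate(rows):
            users = {u for t, u in rows[i:] if t - start <= window}
            if len(users) >= min_accounts:
                suspects[src] = len(users)
                break
    return suspects

if __name__ == "__main__":
    print("per-account rule:", per_account_burst(EVENTS))
    print("per-source rule:", spray_sources(EVENTS))
```

On the constructed events, the per-account rule flags only the user who mistyped a password, and the per-source rule flags only the address that touched six accounts across the day.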

spraycharles's People

Contributors

notdog, puzzlepeaches, tw1sm


spraycharles's Issues

make_list.py requires running from utils folder

make_list.py only checks the current working directory for list_elements.json. Need to add a quick check for the file in cwd and utils/ so that it can be run from the main spraycharles folder as the README shows.

Feature requests

Ask

Hey there, awesome project! Really looking to integrate this into my workflow and was hoping you might be able to help implement a couple of features. Problems:

  1. I often come up with some other password ideas during spraying and would like to add them to the existing password list. The same goes for usernames.
  2. Also I would like to integrate third-party notification functionality into the tool, but the analyzer isn't run after every spraying attempt. This makes it so I can only add a notification operation wherein I am notified after the long-running spray is complete.

Solution

It would be awesome if we could implement the following to solve both problems:

  1. Use something similar to the TargetsFileWatcher class here from impacket for user and password lists so the next spray iterations include any updates to user/pass files.
  2. Issue the analyze.Analyzer(csvfile) operation on line 200 in spraycharles every time a spray is complete as opposed to once all passwords are attempted. This could be something that is only done if a flag is added to our original command etc

In the near future, I hope to add an NTLM password spraying module and some notification functionality to spraycharles. I look forward to your response! Nice work!

Timeout Issues

Periodically I'll come across a target where spraycharles will consistently crash with a timeout error and even setting the timeout to something crazy high like 3600 doesn't seem to make a difference. I generally use spraycharles for spraying against NTLM logins and this is where I have experienced this the most.

Here is an example of the error that is shown when it crashes (although this is from spraying against smb, which I know timeout has no effect on):

Traceback (most recent call last):
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/impacket/nmb.py", line 902, in _setup_connection
    sock.connect(sa)
TimeoutError: timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/user/.local/bin/spraycharles", line 8, in <module>
    sys.exit(cli())
             ^^^^^
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/spraycharles/spraycharles.py", line 716, in spray
    spraycharles.spray()
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/spraycharles/spraycharles.py", line 454, in spray
    self._login(username, password)
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/spraycharles/spraycharles.py", line 377, in _login
    response = self.target.login(username, password)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/spraycharles/targets/Smb.py", line 70, in login
    self.conn = SMBConnection(self.host, self.host, None, 445)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/impacket/smbconnection.py", line 80, in __init__
    self.negotiateSession(preferredDialect)
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/impacket/smbconnection.py", line 120, in negotiateSession
    packet = self.negotiateSessionWildcard(self._myName, self._remoteName, self._remoteHost, self._sess_port,
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/impacket/smbconnection.py", line 169, in negotiateSessionWildcard
    self._nmbSession = nmb.NetBIOSTCPSession(myName, remoteName, remoteHost, nmb.TYPE_SERVER, sess_port,
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/impacket/nmb.py", line 893, in __init__
    NetBIOSSession.__init__(self, myname, remote_name, remote_host, remote_type=remote_type, sess_port=sess_port,
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/impacket/nmb.py", line 753, in __init__
    self._sock = self._setup_connection((remote_host, sess_port), timeout)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/pipx/venvs/spraycharles/lib/python3.11/site-packages/impacket/nmb.py", line 905, in _setup_connection
    raise socket.error("Connection error (%s:%s)" % (peer[0], peer[1]), e)
OSError: [Errno Connection error (target:445)] timed out

Thanks in advance for any help you may offer. I think spraycharles is great and really appreciate the work that has gone into making it such a good tool.

ADFS Module Issues

So normally I would fix this myself, but I can't for the life of me figure out how I would following the refactor so far. (Classes still confuse me sometimes!) When using the Adfs.py module, BaseHTTPTarget.py is throwing an error when trying to print the login attempt to console:

        print(
            "%-35s %-17s %13s %15s"
            % (self.data["username"], self.data["password"], code, length)
        )

KeyError thrown is shown in the screenshot below:

image

I think it may be due to the required casing for the username and password variables used in the ADFS module:

        self.data = {
            "UserName": "",
            "Password": "",
            "AuthMethod": "FormsAuthentication",
        }

    def set_username(self, username):
        self.data["UserName"] = username

    def set_password(self, password):
        self.data["Password"] = password

If I were to modify the username and password variable in the code snippet above, the module runs but the app throws 500 responses instead of the expected 200.

Looking at browser login requests to a valid ADFS portal shows that the UserName/Password casing is required for successful login so we can't simply modify the POST variables:

image

Let me know your thoughts. Thanks!
