Minimalistic SMB login bruteforcer (smblogin.ps1)

A simple SMB login attack and password spraying tool.

From the above screenshot we can see that we have obtained administrative access to 5 machines.

It takes a list of targets and credentials (username and password) as parameters and it tries to authenticate against each target using the provided credentials.

Despite its minimalistic design, the tool keeps track of everything by writing every result into a text file. This allows the tool to be easily resumed if it was interrupted or skip already compromised targets.

See the main article for detailed description:

Conclusion

With a little bit of coding, we can come up with all kinds of useful tools.

In this case, we have created a tool which allows us to perform SMB login and password spraying attacks even in environments where no tool is allowed to enter.

This particular tool has helped us on numerous occasions during pentests and with a little bit of effort we could easily modify it or add additional features.

Hope you will find it useful too sometimes during your engagements!