ADSprayGen a command-line utility written in Go that leverages LDAP (Lightweight Directory Access Protocol) to retrieve user attributes. These attributes can then be used to generate possible passwords for the users. A mask is required to generate the passwords, which can contain user attribute placeholders and modifiers for them.
Prebuilt binaries of ADSprayGen are provided on the releases page.
Requirements: go1.21 or higher
go install -v github.com/m10x/adspraygen@latest
Example: adspraygen -d domain.local -u m10x -p m10x -s 10.10.10.10 -m 'Foobar{givenName#Reverse}{MonthGerman}{YYYY}!'
- {cn} : Full Name
- {givenName} : First Name
- {sn} : Last Name
- {sAMAccountName} : Logon Name (Pre Windows 2000)
- {rPrincipalName} : Logon Name
- {description} : Description
- {info} : Notes
- {department} : Department
- {I} : City
- {postcalCode} : Postal Code
- Last password change
- {YYYY} : e.g. 2024
- {YY} : e.g. 24
- {MM} : e.g. 01
- {M} : e.g. 1
- {SeasonGerman} : e.g. Herbst
- {SeasonAmerican} : e.g. Fall
- {SeasonBritish} : e.g. Autumn
- {MonthGerman} : e.g. Januar
- {MonthEnglish} : e.g. January
- #Reverse : Reverse the string
- #LeetBasic : Subsitute e:3, o:0, i:1, a:4
- #LeetBasicPlus : Subsitute e:3, o:0, i:1, a:@, t:7
- dump LDAP user attributes
- import dumped LDAP user attributes instead of querying the LDAP server
- handling of unknown mask attribute and unknown mask transformator
- netexec format + kerbrute format
- dump pw policy / fine grained policy
- dump Hostnames
- handling of givenName with multiple names
LDAP Result Code 1 "Operations Error": 000004DC: LdapErr: DSID-0C090A5C, comment: In order to perform this operation a successful bind must be completed on the connection.
- Anonymous/Unauthenticated bind is not possible. Specify a password or NTLM hash.LDAP Result Code 49 "Invalid Credentials": 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error
- The specified credentials are invalidLDAP Result Code 49 "Invalid Credentials": 8009030C: LdapErr: DSID-0C0906B5, comment: AcceptSecurityContext error
- Unauthenticated NTLM bind is not possible or specified credentials are not valid.