A tool to enumerate and spray valid Active Directory accounts through Kerberos Pre-Authentication.
**Background**
Although many Kerberos password spraying tools currently exist on the market, I found it difficult to find tools with the following built-in functionality:
* The ability to prevent users from locking out the domain
* The ability to integrate username enumeration with the password spraying process (User enumeration is a separate functionality from the spray)
* The ability to recursively spray passwords rather than running one spray at a time
* The ability to resume password sprays and ignore previously compromised accounts
Tritium solves all of the issues mentioned above and more. User enumeration will no longer waste a login attempt because it uses the output of the first spray to generate a file of valid users. Tritium also gives the user the ability to pass it a password file to recursively spray passwords. And finally, Tritium has built-in functionality to detect if a domain is being locked out due to password spraying by saving the state and quitting the password spray if 3 consecutive accounts are locked out.
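On the defending side, the behaviour described above reaches domain controllers as Kerberos failures spread across many account names from one source, so detection has to pivot on the source rather than on per-account failure counts. The sketch below is an added example, not part of Tritium or the original post: it groups Security events 4768 and 4771 by source address and flags sources that fail against many distinct accounts within a window. The thresholds, the dictionary layout (named after the event fields) and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Failure codes in the Status field of Security events 4768 (TGT request
# failed) and 4771 (Kerberos pre-authentication failed) on a domain controller.
CODES = {"0x6": "unknown_user",    # KDC_ERR_C_PRINCIPAL_UNKNOWN
         "0x18": "bad_password",   # KDC_ERR_PREAUTH_FAILED
         "0x12": "revoked"}        # KDC_ERR_CLIENT_REVOKED (locked/disabled)

def find_spray_sources(events, window=timedelta(hours=1), min_accounts=5):
    """Flag source IPs whose Kerberos failures inside one sliding window touch
    at least min_accounts distinct account names (thresholds are assumptions)."""
    by_source = defaultdict(list)
    for ev in events:
        if ev["EventID"] in (4768, 4771) and ev["Status"] in CODES:
            ip = ev["IpAddress"].replace("::ffff:", "", 1)  # IPv4-mapped form
            when = datetime.fromisoformat(ev["TimeCreated"])
            by_source[ip].append((when, ev["TargetUserName"].lower(), CODES[ev["Status"]]))
    findings = {}
    for ip, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window forward
            seen = defaultdict(set)
            for _, user, kind in rows[start:end + 1]:
                seen[kind].add(user)
            total = len(set().union(*seen.values()))
            # Keep the widest window seen so far for this source.
            if total >= min_accounts and total > findings.get(ip, {}).get("accounts", 0):
                findings[ip] = {"accounts": total,
                                **{k: sorted(v) for k, v in seen.items()}}
    return findings

def _ev(ts, event_id, user, status, ip):
    return {"TimeCreated": "2021-01-28T" + ts, "EventID": event_id,
            "TargetUserName": user, "Status": status, "IpAddress": ip}

# Constructed events: one host failing against six names, one user mistyping.
SAMPLE = [
    _ev("09:00:01", 4768, "aadams", "0x6", "::ffff:10.0.5.23"),
    _ev("09:00:02", 4771, "bbaker", "0x18", "::ffff:10.0.5.23"),
    _ev("09:00:04", 4771, "cclark", "0x18", "::ffff:10.0.5.23"),
    _ev("09:00:05", 4768, "ddavis", "0x6", "::ffff:10.0.5.23"),
    _ev("09:00:07", 4768, "eevans", "0x12", "::ffff:10.0.5.23"),
    _ev("09:00:08", 4771, "ffox", "0x18", "::ffff:10.0.5.23"),
] + [_ev(f"10:1{i}:00", 4771, "jsmith", "0x18", "::ffff:10.0.9.9") for i in range(6)]
```

Because the tool's wait and jitter options stretch attempts out over time, the window should be sized in hours rather than seconds; the repeated failures of a single user from 10.0.9.9 are deliberately not flagged.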
**Usage**
```
./Tritium -h

___________ .__ __ .__
\__ ___/______|__|/ |_|__|__ __ _____
| | \_ __ \ \ __\ | | \/ \
| | | | \/ || | | | | / Y Y \
|____| |__| |__||__| |__|____/|__|_|__/ v 0.4

Author: S4R1N, alfarom256

Required Params:

  -d        The full domain to use (-domain targetdomain.local)
  -dc       Domain controller to authenticate against (-dc washingtondc.targetdomain.local)
  -dcf      File of domain controllers to authenticate against
  -u        Select single user to authenticate as (-user jsmith)
  -uf       User file to use for password spraying (-userfile ~/home/users.txt)
  -p        Password to use for spraying (-password Welcome1)

Optional:

  -help     Print this help menu
  -o        Tritium Output file (default spray.json)
  -w        Wait time between authentication attempts [Default 1] (-w 0)
  -jitter   % Jitter between authentication attempts
  -rs       Enable recursive spraying
  -ws       Wait time between sprays [Default 3600] (-ws 1800)
  -pwf      Password file to use for recursive
  -res      Continue a password spraying campaign
  -rf       Tritium Json file
```
**Under Development**
Below are some of the features being developed:
* Ability to capture ^C and save state if process was killed manually
* Other stuff ;)
**[Download Tritium](<https://github.com/S4R1N/Tritium> "Download Tritium" )**
Source: KitPloit, published 2021-01-28, http://www.kitploit.com/2021/01/tritium-password-spraying-framework.html