Tools and Techniques
<aside> When you fail to find usernames from other ports, try kerbrute with a list of usernames to identify valid users
</aside>
./kerbrute userenum --domain htb.local --dc 10.10.10.52 ~/Downloads/wordlists/xato-net-10-million-usernames.txt
2023/05/23 13:45:54 > [+] VALID USERNAME: [email protected]
2023/05/23 13:45:55 > [+] VALID USERNAME: [email protected]
2023/05/23 13:46:00 > [+] VALID USERNAME: [email protected]
2023/05/23 13:46:05 > [+] VALID USERNAME: [email protected]
2023/05/23 13:46:17 > [+] VALID USERNAME: [email protected]
2023/05/23 13:46:41 > [+] VALID USERNAME: [email protected]
2023/05/23 13:47:03 > [+] VALID USERNAME: [email protected]
Use Kerbrute in conjunction with the jsmith.txt or jsmith2.txt user lists from Insidetrust.
zink0x001@htb[/htb]$ kerbrute userenum -d INLANEFREIGHT.LOCAL --dc 172.16.5.5 jsmith.txt -o valid_ad_users
2021/11/17 23:01:46 > Using KDC(s):
2021/11/17 23:01:46 > 172.16.5.5:88
2021/11/17 23:01:46 > [+] VALID USERNAME: [email protected]
2021/11/17 23:01:46 > [+] VALID USERNAME: [email protected]
2021/11/17 23:01:46 > [+] VALID USERNAME: [email protected]
2021/11/17 23:01:50 > [+] VALID USERNAME: [email protected]
<SNIP>
2021/11/17 23:01:51 > [+] VALID USERNAME: [email protected]
2021/11/17 23:01:51 > [+] VALID USERNAME: [email protected]
2021/11/17 23:01:51 > [+] VALID USERNAME: [email protected]
2021/11/17 23:01:51 > [+] VALID USERNAME: [email protected]
2021/11/17 23:01:51 > [+] VALID USERNAME: [email protected]
2021/11/17 23:01:52 > [+] VALID USERNAME: [email protected]
2021/11/17 23:01:56 > Done! Tested 48705 usernames (56 valid) in 9.940 seconds
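From the defender's side, a run like the ones above reaches the KDC as a burst of AS-REQs for names that mostly do not exist. The following detection sketch is an added example, not part of the original notes: it assumes the domain controller audits these as Event ID 4768 failures with result code 0x6 and that the events were exported to a constructed CSV layout (timestamp, event ID, client IP, account, result code); the addresses, account names and thresholds are made up for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

UNKNOWN_PRINCIPAL = "0x6"  # KDC_ERR_C_PRINCIPAL_UNKNOWN: requested account does not exist

def parse_event(line):
    """Parse one row of the assumed CSV export: ts,event_id,client_ip,account,result_code."""
    ts, event_id, ip, account, code = line.strip().split(",")
    return datetime.fromisoformat(ts), int(event_id), ip, account.lower(), code.lower()

def detect_user_enum(lines, window=timedelta(seconds=60), threshold=10):
    """Return {client_ip: peak number of distinct unknown account names seen
    inside `window`} for every source that reaches `threshold`."""
    recent = defaultdict(deque)  # client_ip -> (timestamp, account) pairs still in the window
    alerts = {}
    for ts, event_id, ip, account, code in sorted(map(parse_event, lines)):
        if event_id != 4768 or code != UNKNOWN_PRINCIPAL:
            continue  # only failed TGT requests for nonexistent names are of interest
        q = recent[ip]
        q.append((ts, account))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop events that have aged out of the sliding window
        distinct = len({name for _, name in q})
        if distinct >= threshold:
            alerts[ip] = max(alerts.get(ip, 0), distinct)
    return alerts

def build_sample():
    """Constructed sample events (documentation-range IPs, invented account names)."""
    base = datetime(2023, 5, 23, 13, 45, 54)
    rows = []
    # Burst: 40 different nonexistent names from one host within 4 seconds.
    for i in range(40):
        t = base + timedelta(milliseconds=100 * i)
        rows.append(f"{t.isoformat()},4768,192.0.2.10,guess{i},0x6")
    # Benign: one user mistyping the same name three times, minutes apart.
    for i in range(3):
        t = base + timedelta(minutes=5 * i)
        rows.append(f"{t.isoformat()},4768,192.0.2.20,jsmtih,0x6")
    # A successful TGT request (0x0) must not count toward the alert.
    rows.append(f"{base.isoformat()},4768,192.0.2.10,svc-backup,0x0")
    return rows

if __name__ == "__main__":
    for ip, n in detect_user_enum(build_sample()).items():
        print(f"possible Kerberos user enumeration from {ip}: {n} unknown names in 60s")
```

Counting distinct names rather than raw failures keeps a single user retyping one misspelled name from triggering the alert.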