July 2, 2021
Brute Force Kerberos Users with Kerbrute
In this tutorial we will see how to bruteforce Kerberos users using a username list. This helps us identify usernames of the potential victims in the organization.
This shows the Github page for kerbrute.
This gives a quick description of kerbrute.
We can install kerbrute using the Github repository or pypi.
Let's do a quick scan of our target machine. We can see that Kerberos and SMB is running.
Running a SMB scan reveals that the target is running Microsoft Server 2016 Standard.
Let's add the hostname and the IP address to the /etc/hosts file.
It shows the available options for kerbrute.
This is the users list that we will try to brutefoce.
kerbrute identified 5 users as valid out of the 8 users in the userlist.
We can try an individual user against the server as well. If the user is valid then we get the "Valid user" response.
If the user is not valid or the username doesn't exist in the server then we don't get a response from kerbrute that says it is a valid user.
You can follow me on Twitter mujtabareads.
- Escalate a Regular Shell to Meterpreter Shell
- Reading Outlook Files in Terminal
- Escalating Privileges with Metasploit's Local Exploit Suggester
- Simple wget PowerShell Script
- PsExec in Linux
- Eternal Blue Exploitation with Metasploit
- Exploit EternalBlue with Custom Exploit - 1
- Exploit EternalBlue with Custom Exploit - 2
- Local Privilege Escalation on Linux Kernel < 4.4.0-116
- Extract Passwords from Firefox Profile
- Escalate Privileges via pip
- Escalate Privileges by Modifying the /etc/passwd File
- wp_admin_shell_upload
- Extract Passwords with LaZagne
- Bruteforce Windows Server SMB Credentials with Medusa
- Brute Force Windows Server SMB Credentials with Hydra
- Brute Force Windows Server SMB Credentials with NCrack
- Brute Force Windows Server SMB Credentials with CrackMapExec
- Brute Force Windows Server SMB Credentials with Metasploit
- Exploit PrintNightmare