Kerbrute

From aldeid
Jump to navigation Jump to search

Description

A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication

Installation

https://github.com/ropnop/kerbrute/releases

Usage

Syntax

kerbrute [command]

Available Commands

bruteforce    Bruteforce username:password combos, from a file or stdin
bruteuser     Bruteforce a single user's password from a wordlist
help          Help about any command
passwordspray Test a single password against a list of users
userenum      Enumerate valid domain usernames via Kerberos
version       Display version info and quit

Flags

     --dc string       The location of the Domain Controller (KDC) to target. If blank, will lookup via DNS
     --delay int       Delay in millisecond between each attempt. Will always use single thread if set
 -d, --domain string   The full domain to use (e.g. contoso.com)
 -h, --help            help for kerbrute
 -o, --output string   File to write logs to. Optional.
     --safe            Safe mode. Will abort if any user comes back as locked out. Default: FALSE
 -t, --threads int     Threads to use (default 10)
 -v, --verbose         Log failures and errors

Example

$ ./kerbrute_linux_amd64 userenum --dc spookysec.local -d spookysec.local userlist.txt -t 100

    __             __               __     
   / /_____  _____/ /_  _______  __/ /____ 
  / //_/ _ \/ ___/ __ \/ ___/ / / / __/ _ \
 / ,< /  __/ /  / /_/ / /  / /_/ / /_/  __/
/_/|_|\___/_/  /_.___/_/   \__,_/\__/\___/                                        

Version: v1.0.3 (9dad6e1) - 06/20/20 - Ronnie Flathers @ropnop

2020/06/20 15:45:40 >  Using KDC(s):
2020/06/20 15:45:40 >  	spookysec.local:88

2020/06/20 15:45:40 >  [+] VALID USERNAME:	 [email protected]
2020/06/20 15:45:40 >  [+] VALID USERNAME:	 [email protected]
2020/06/20 15:45:41 >  [+] VALID USERNAME:	 [email protected]
2020/06/20 15:45:41 >  [+] VALID USERNAME:	 [email protected]
2020/06/20 15:45:43 >  [+] VALID USERNAME:	 [email protected]
2020/06/20 15:45:45 >  [+] VALID USERNAME:	 [email protected]
2020/06/20 15:45:48 >  [+] VALID USERNAME:	 [email protected]

[REDACTED]