Enumerating Users¶
Port 139/445 - SMB¶
Enum4linux¶
enum4linux -a <IP>
Enumerating Users via Kerberos¶
Kerbrute¶
kerbrute userenum --dc 10.10.125.64 -d spookysec.local userlist.txt
# just get the usernames
grep -oP '(?!E:\s*)(\S*)(?=@)'
kerbrute userenum --dc 10.10.125.64 -d spookysec.local userlist.txt -o kerbrute_output.txt
grep -oP '(?!E:\s*)(\S*)(?=@)' kerbrute_output.txt > usernames.txt
# or just use this command
kerbrute userenum --dc 10.10.125.64 -d spookysec.local userlist.txt | grep -oP '(?!E:\s*)(\S*)(?=@)'