TCP/UDP: Kerberos - 88

Nmap

nmap -p 88 --script=krb5-enum-users --script-args krb5-enum-users.realm=<Domain Name>[,userdb=<Username List>] <Target IP Address>

NOTE: Download here

./kerbrute userenum <Username List> --dc <Target IP Address> --domain <Domain Name>

NOTE: Download here

The following command run against with a list of users

.\Rubeus.exe brute /users:<Username List> /passwords:<Password list> /domain:<Domain>

The following command check all domain users against the password list

.\Rubeus.exe brute /passwords:<Password list>

Last updated 2 months ago