Tags
Remote
Multi-Protocol
enum4linux -a <IP>SMB
nxc smb <IP> -u '' -p '' --usersRPC
rpcclient -U "" -N <IP>
enumdomusersldap
ldapsearch -x -b "DC=HTB,DC=LOCAL" -s sub "(&(objectclass=user))" -H ldap://<IP> | grep -i samaccountname: | cut -f 2 -d " "nxc ldap <IP> -u '' -p '' --users Brute force usernames
kerbrute userenum -d EGOTISTICAL-BANK.LOCAL /usr/share/seclists/Usernames/xato-net-10-million-usernames.txt --dc 10.10.10.175Generate wordlist from website
Validate Known Usernames
kerberute userenum -d <DOMAIN> users.txtAdd a known negative user to make sure the server is properly validating.