Username bruteforcing
This is useful when anonymous sessions are not allowed: brute-forcing usernames is still a valid technique.
Discover usernames
Wordlist collection
Web site info
Image metadata
Other information collected from the other machines
OSINT
Create a username list
Manual creation
# Convert all lowercase letters to uppercase (append to users-updated.txt)
tr '[:lower:]' '[:upper:]' < users.txt >> users-updated.txt
# Convert all uppercase letters to lowercase (append, so both variants accumulate in users-updated.txt)
tr '[:upper:]' '[:lower:]' < users.txt >> users-updated.txt
# Capitalize only the first letter of each line (\U requires GNU sed)
sed 's/./\U&/' users.txt
username-anarchy
# Create an initial list of users (saved as the file "authors", which the command below reads with -i)
James Roberts
Michale Chaffrey
Donald Klay
Sarah Osvald
Jeffer Robinson
Nicole Smith
# Then run username-anarchy to generate username combinations in the selected formats
username-anarchy -i authors -f flast,lfirst,f.last > got_users.txt

Bruteforcing usernames against a Kerberos service
nmap -p 88 --script=krb5-enum-users --script-args="krb5-enum-users.realm='essos.local',userdb=got_users.txt" 192.168.56.12
nmap -p 88 --script=krb5-enum-users --script-args="krb5-enum-users.realm='sevenkingdoms.local',userdb=got_users.txt" 192.168.56.10
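Detecting this enumeration: krb5-enum-users tells existing from non-existing principals by the KDC's error, so wrong guesses can appear on the domain controller as failed Event ID 4768 records with result code 0x6 (KDC_ERR_C_PRINCIPAL_UNKNOWN), assuming failure auditing for the Kerberos Authentication Service is enabled. The detection logic below is an added example, not part of the original notes; the CSV layout, column names, threshold, window and sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a CSV export of Event ID 4768 records (not real logs).
# Column names are assumptions; map them to your SIEM's field names.
SAMPLE_CSV = """time,event_id,client_ip,account,result_code
2024-05-01T10:00:01,4768,192.168.56.50,jroberts,0x6
2024-05-01T10:00:01,4768,192.168.56.50,robertsj,0x6
2024-05-01T10:00:02,4768,192.168.56.50,j.roberts,0x6
2024-05-01T10:00:02,4768,192.168.56.50,mchaffrey,0x6
2024-05-01T10:00:03,4768,192.168.56.50,chaffreym,0x6
2024-05-01T10:00:03,4768,192.168.56.50,nsmith,0x0
2024-05-01T10:05:00,4768,192.168.56.77,sosvlad,0x6
2024-05-01T11:40:00,4768,192.168.56.77,sosvald,0x0
"""

PRINCIPAL_UNKNOWN = 0x6  # KDC_ERR_C_PRINCIPAL_UNKNOWN


def find_enumeration(csv_text, threshold=5, window=timedelta(seconds=60)):
    """Return {client_ip: sorted unknown accounts} for sources that requested
    at least `threshold` distinct unknown principals inside `window`."""
    misses = defaultdict(list)  # client_ip -> [(time, account)]
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_id"] != "4768":
            continue
        if int(row["result_code"], 16) != PRINCIPAL_UNKNOWN:
            continue
        when = datetime.fromisoformat(row["time"])
        misses[row["client_ip"]].append((when, row["account"].lower()))

    flagged = {}
    for ip, events in misses.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            names = {acct for _, acct in events[start:end + 1]}
            if len(names) >= threshold:
                flagged.setdefault(ip, set()).update(names)
    return {ip: sorted(names) for ip, names in flagged.items()}


if __name__ == "__main__":
    for ip, names in find_enumeration(SAMPLE_CSV).items():
        print(f"{ip}: {len(names)} unknown principals requested: {names}")
```

A single mistyped logon (the 192.168.56.77 rows) stays below the threshold, while one source requesting many distinct unknown principals within a minute is flagged.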