# Username bruteforcing

### Discover username 

* wordlist collection 
* Web site info
* Image metadata 
* Other information collected from the other machines 
* ONIST 

### Create a username list

#### Manual creation

```bash
# Change all lower to all upper
tr '[:lower:]' '[:upper:]' < users.txt >> users-updated.txt

# Change all upper cases to all lower cases
tr '[:upper:]' '[:lower:]' < users.txt > users-updated.txt

# Change the first letter only to upper in the string
cat users.txt | sed 's/./\U&/'
```

#### username-anarchy

```bash
#Create an initial list of users
 James Roberts
 Michale Chaffrey
 Donald Klay
 Sarah Osvald
 Jeffer Robinson
 Nicole Smith

# Then run the username-anarchy to create different username combinations
username-anarchy -i authors -f flast,lfirst,f.last > got_users.txt
```

<figure><img src="https://4082237222-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA4bAkddGXesk1QCLYAY%2Fuploads%2FkKzK1BWtFRzfXiEumAQA%2Fimage.png?alt=media&#x26;token=2d0aa377-8fcb-408c-9a81-751b2c8bcd07" alt=""><figcaption></figcaption></figure>

#### Brutefocing usernames against a Kerberos service

{% code overflow="wrap" %}

```bash
nmap -p 88 --script=krb5-enum-users --script-args="krb5-enum-users.realm='essos.local',userdb=got_users.txt" 192.168.56.12

nmap -p 88 --script=krb5-enum-users --script-args="krb5-enum-users.realm='sevenkingdoms.local',userdb=got_users.txt" 192.168.56.10
```

{% endcode %}