Username bruteforcing

This is useful when anonymous sessions are not allowed. Bruteforcing still is a valid technique.

Discover username

wordlist collection
Web site info
Image metadata
Other information collected from the other machines
ONIST

Create a username list

Manual creation

# Change all lower to all upper
tr '[:lower:]' '[:upper:]' < users.txt >> users-updated.txt

# Change all upper cases to all lower cases
tr '[:upper:]' '[:lower:]' < users.txt > users-updated.txt

# Change the first letter only to upper in the string
cat users.txt | sed 's/./\U&/'

username-anarchy

#Create an initial list of users
 James Roberts
 Michale Chaffrey
 Donald Klay
 Sarah Osvald
 Jeffer Robinson
 Nicole Smith

# Then run the username-anarchy to create different username combinations
username-anarchy -i authors -f flast,lfirst,f.last > got_users.txt

Brutefocing usernames against a Kerberos service

nmap -p 88 --script=krb5-enum-users --script-args="krb5-enum-users.realm='essos.local',userdb=got_users.txt" 192.168.56.12

nmap -p 88 --script=krb5-enum-users --script-args="krb5-enum-users.realm='sevenkingdoms.local',userdb=got_users.txt" 192.168.56.10

PreviousUser Recon NextEnum SMB Shares

Last updated 1 year ago