Skip to content

Password Spraying - Making a Target User List

ℹ️ Information

Question

Enumerate valid usernames using Kerbrute and the wordlist located at /opt/jsmith.txt on the ATTACK01 host. How many valid usernames can we enumerate with just this wordlist from an unauthenticated standpoint?

📋 Walkthrough

Connect to the host using the provided credentials: htb-student:HTB_@cademy_stdnt. Use Kerbrute and the provided wordlist to enumerate users.

kerbrute userenum -d inlanefreight.local --dc 172.16.5.5 /opt/jsmith.txt

And count how many users we find.

Answer

56