Password Spraying - Making a Target User List

ℹ️ Information¶

• 🌐 Website: HackTheBox
• 📚 Module: Active Directory Enumeration & Attacks
• 🔗 Link: Password Spraying - Making a Target User List

❓Question¶

Enumerate valid usernames using Kerbrute and the wordlist located at /opt/jsmith.txt on the ATTACK01 host. How many valid usernames can we enumerate with just this wordlist from an unauthenticated standpoint?

📋 Walkthrough¶

Connect to the host using the provided credentials: htb-student:HTB_@cademy_stdnt. Use Kerbrute and the provided wordlist to enumerate users.

kerbrute userenum -d inlanefreight.local --dc 172.16.5.5 /opt/jsmith.txt

And count how many users we find.