Background:
Kerbrute is a tool used to enumerate valid Active directory user accounts that using kerrberos preauthentication. Also, this tool can be used to password attacks such as password bruteforce, username
enumeration, password spray etc. This tool is being used for many years by penetration testers during internal penetration testing engagements. This tool is originally written by Ronnie Flathers (ropnop) with contributor Alex Flores.
Introduction to Kerberos authentication
The Kerberos service run on its default port which is 88 in a domain controller system. This service come in windows and the Linux system as well where it is used to implement authentication process more securely in an Active directory environment. For more information about Kerberos authentication process and service principal name (SPN) please consider visiting the below link: https://www.hackingarticles.in/deep-dive-into-kerberoasting-attack/
Download Kerbrute
Kerbrute can be downloaded from its official github repository release page. It was last modified in December 2019. The source code of the tool is also available, and it is also available for windows system and other Linux architecture. For the simplicity, we will download compiled kerbrute_linux_amd64 for the kali Linux which will be going to be an attacking system for the demonstration. The tool can be downloaded from link given below.
Download link:
https://github.com/ropnop/kerbrute/releases/tag/v1.0.3
Views: 12
