Tools | February 9, 2026 | 1 min read | by 0xt0pus

Kerbrute

Kerberos brute-forcing tool for AD username enumeration and password spraying



Description

Kerbrute is a tool for brute-forcing and enumerating valid Active Directory accounts through Kerberos pre-authentication. It is cross-platform (works on Windows and Linux) and is very fast because each authentication attempt uses only two UDP frames (the AS-REQ and the response). This makes it stealthier and faster than SMB-based password spraying.

GitHub: https://github.com/ropnop/kerbrute

Usage 1: Username Enumeration

Enumerate valid usernames in Active Directory using Kerberos. Supply a wordlist of candidate usernames and the tool confirms which ones exist in the domain.

Command:

kerbrute userenum -d hokkaido-aerospace.com --dc 192.168.208.40 /usr/share/wordlists/SecLists/Usernames/xato-net-10-million-usernames.txt -t 100

Usage 2: Password Spraying (Windows)

Spray a single password against a list of AD usernames using Kerberos TGT requests. This is the third kind of password spraying attack (TGT-based) and is faster and less noisy than SMB-based spraying. Make sure the encoding of the usernames file is ANSI.

Command:

.\kerbrute_windows_amd64.exe passwordspray -d corp.com .\usernames.txt "Nexus123!"
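
Detection side of both usages, as an added example that is not part of the original page or of Kerbrute: with Kerberos Authentication Service auditing enabled, a domain controller logs event 4768 with result code 0x6 for a TGT request naming an unknown principal and event 4771 with failure code 0x18 for a wrong password, so one source touching many distinct accounts in a short window stands out. The record field names (ts, id, status, ip, user), the thresholds and the sample events are assumptions constructed for this example.

```python
from collections import defaultdict

# (event ID, result code) pairs in the DC Security log that these two modes produce
SIGNALS = {
    (4768, "0x6"): "userenum",        # TGT requested for a principal that does not exist
    (4771, "0x18"): "passwordspray",  # pre-authentication failed (wrong password)
}

def detect(events, window=60, min_accounts=5):
    """Return {(source_ip, kind): n} where n is the largest number of distinct
    accounts one source hit within `window` seconds, if n >= min_accounts."""
    per_source = defaultdict(list)
    for e in events:
        kind = SIGNALS.get((e["id"], e["status"].lower()))
        if kind:
            per_source[(e["ip"], kind)].append((e["ts"], e["user"].lower()))
    findings = {}
    for key, hits in per_source.items():
        hits.sort()
        start = best = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window forward
                start += 1
            best = max(best, len({user for _, user in hits[start:end + 1]}))
        if best >= min_accounts:
            findings[key] = best
    return findings

def sample_events():
    """Constructed records (not real logs); field names are assumptions of this example."""
    def ev(ts, event_id, status, ip, user):
        return {"ts": ts, "id": event_id, "status": status, "ip": ip, "user": user}
    events = []
    # one source, 20 unknown principals in 20 seconds: enumeration pattern
    events += [ev(900 + i, 4768, "0x6", "10.0.0.50", f"guess{i}") for i in range(20)]
    # same source, 8 different accounts failing pre-auth in 8 seconds: spray pattern
    events += [ev(1000 + i, 4771, "0x18", "10.0.0.50", f"user{i}") for i in range(8)]
    # one user mistyping their own password: a single account, not a spray
    events += [ev(1000 + 10 * i, 4771, "0x18", "10.0.0.77", "alice") for i in range(3)]
    # shared host with unrelated failures hours apart: never 5 accounts in one window
    events += [ev(1000 + 3600 * i, 4771, "0x18", "10.0.0.90", f"staff{i}") for i in range(6)]
    return events

if __name__ == "__main__":
    for (ip, kind), n in sorted(detect(sample_events()).items()):
        print(f"{ip}: {kind} pattern, {n} distinct accounts within the window")
```

Failed Kerberos pre-authentication also counts toward the domain's account lockout threshold, so a burst of lockouts across unrelated accounts is a second signal to correlate with these events.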