Kerberos
Nmap discovered a KDC service on the target port 88
The running service is Microsoft Windows Kerberos
While I do not know the naming convention that the target domain uses, I will attempt to enumerate usernames as much as possible by brute-forcing the KDC I will get that running in the background while enumerating other services for efficiency
┌──(kali㉿kali)-[~/archive/htb/labs/cascade]
└─$ kerbrute userenum --dc casc-dc1.cascade.local -d CASCADE.LOCAL /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt
__ __ __
/ /_____ _____/ /_ _______ __/ /____
/ //_/ _ \/ ___/ __ \/ ___/ / / / __/ _ \
/ ,< / __/ / / /_/ / / / /_/ / /_/ __/
/_/|_|\___/_/ /_.___/_/ \__,_/\__/\___/
version: v1.0.3 (9dad6e1) - 06/26/23 - Ronnie Flathers @ropnop
2023/06/26 04:51:49 > Using KDC(s):
2023/06/26 04:51:49 > casc-dc1.cascade.local:88I had kerbrute running for a while and nothing was found