# Kerbrute

It is best to launch **Kerbrute** early on, since it takes quite a long time to run.

```
# Download the latest release
wget https://github.com/ropnop/kerbrute/releases/latest/download/kerbrute_linux_amd64

# Make it executable
chmod +x kerbrute_linux_amd64

# Move it to a directory in the PATH
sudo mv kerbrute_linux_amd64 /usr/local/bin/kerbrute
```

Basically, this attack sends queries over the Kerberos protocol in order to enumerate valid users within the domain.

```
kerbrute userenum --dc <IP> -d <DOMAIN> /usr/share/seclists/Usernames/xato-net-10-million-usernames.txt
```
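
On the defensive side of this enumeration: a request for a principal that does not exist is answered with KDC_ERR_C_PRINCIPAL_UNKNOWN (error code 6 in RFC 4120), which a domain controller records as Event ID 4768 with result code 0x6 when auditing of the Kerberos Authentication Service is enabled. The following added example (not part of the original page or of the Kerbrute project) flags sources that request many distinct unknown principals in a short window; the CSV layout, the sample events, the window and the threshold are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, not real logs: Event ID 4768 reduced to
# timestamp, client IP, requested account, result code.
# 0x6 = KDC_ERR_C_PRINCIPAL_UNKNOWN (account does not exist); 0x0 = TGT issued.
SAMPLE_EVENTS = """\
2024-05-01T09:00:00,10.0.0.50,admin,0x6
2024-05-01T09:00:00,10.0.0.50,guest,0x6
2024-05-01T09:00:01,10.0.0.50,test,0x6
2024-05-01T09:00:01,10.0.0.50,backup,0x6
2024-05-01T09:00:02,10.0.0.50,oracle,0x6
2024-05-01T09:00:03,10.0.0.50,support,0x6
2024-05-01T09:05:00,10.0.0.21,jsmiht,0x6
2024-05-01T09:05:20,10.0.0.21,jsmith,0x0
2024-05-01T08:00:00,10.0.0.22,svc_a,0x6
2024-05-01T09:00:00,10.0.0.22,svc_b,0x6
2024-05-01T10:00:00,10.0.0.22,svc_c,0x6
2024-05-01T11:00:00,10.0.0.22,svc_d,0x6
2024-05-01T12:00:00,10.0.0.22,svc_e,0x6
"""

def parse_events(text):
    """Yield (time, ip, account, code) tuples from the CSV layout above."""
    for line in text.strip().splitlines():
        ts, ip, account, code = line.split(",")
        yield datetime.fromisoformat(ts), ip, account.lower(), int(code, 16)

def find_enumeration(events, window=timedelta(seconds=60), threshold=5):
    """Map each source IP to the unknown accounts it requested, if it asked for
    at least `threshold` distinct unknown principals inside one `window`."""
    unknown = defaultdict(list)
    for ts, ip, account, code in events:
        if code == 0x6:
            unknown[ip].append((ts, account))
    flagged = {}
    for ip, hits in unknown.items():
        hits.sort()
        for start, _ in hits:
            names = {a for t, a in hits if start <= t <= start + window}
            if len(names) >= threshold:
                flagged[ip] = sorted({a for _, a in hits})
                break
    return flagged

if __name__ == "__main__":
    for ip, names in find_enumeration(parse_events(SAMPLE_EVENTS)).items():
        print(f"{ip}: {len(names)} unknown principals requested: {', '.join(names)}")
```

A single mistyped logon (10.0.0.21) and slow, spread-out failures (10.0.0.22) stay below the threshold; tune the window and threshold to the environment's normal rate of 0x6 failures.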


Copy all of the output into `users.txt` and run this command over it to get the clean list of all the users:

```
grep "VALID USERNAME" users.txt | awk '{print $NF}' | cut -d'@' -f1 | tr '[:upper:]' '[:lower:]' | sort -u
```

#### Validate users

If we have enumerated users by some other means, we can validate them:

```
kerbrute userenum --dc <ip> -d <domain> <wordlist>
```
