Impacket - Get Users from Active Directory

So far we have received enough information to start forming an attack.
We will try to perform kerberos enumeration with the usernames we just received by
exploiting kerberos preauthentication. This is turned off by default with Active
Directory, however, its always good to try :).


We will use GetNPUsers.py from the Impacket library of tools with our newly found
usernames for this attack. Here, we take the information from our enum4linux script,
and format it to just usernames, using awk and tr.

 

forest-003.png

 

Sweet, now that we have our list, lets try to use GetNPUsers.py with these usernames
and see if we get any hashes back.

Here we get our hash from user svc-alfresco

forest-004.png

 

Next, we will take this over to my cracking rig and use hashcat john the ripper to try and
crack this hashed password!

(In the above pic, I specifically requested to have the format be hashcast. This is
confusing, as the format was not in hashcat, but in john. Intended? Should look into this
later)