# Enumerating Users with Kerbrute

### **Introduction**

Kerbrute is a popular tool for enumerating valid Active Directory users and brute-forcing their accounts by abusing Kerberos pre-authentication.

***

### **Abusing Pre-Authentication Overview**

Brute-forcing Kerberos pre-authentication does not trigger the "account failed to log on" event, which can raise red flags for blue teams. Through Kerberos, you can brute-force by sending only a single UDP frame to the KDC, which lets you enumerate the users on the domain from a wordlist.
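For defenders, the relevant telemetry is therefore the Kerberos audit log: with Kerberos Authentication Service auditing enabled, a domain controller records an AS-REQ for a nonexistent account as event 4768 with result code 0x6 (KDC_ERR_C_PRINCIPAL_UNKNOWN). The Python detection below is an added example, not part of the original page or of Kerbrute; the one-line record layout, addresses, account names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: event 4768 records reduced to "time IpAddress TargetUserName Status".
# Status 0x6 = KDC_ERR_C_PRINCIPAL_UNKNOWN (no such account), 0x0 = TGT issued.
SAMPLE_EVENTS = """\
2024-05-01T10:00:01 10.0.0.50 admin1 0x6
2024-05-01T10:00:01 10.0.0.50 backup 0x6
2024-05-01T10:00:02 10.0.0.50 helpdesk 0x6
2024-05-01T10:00:03 10.0.0.50 guest1 0x6
2024-05-01T10:00:04 10.0.0.50 testuser 0x6
2024-05-01T10:05:00 10.0.0.21 alice 0x0
2024-05-01T10:07:30 10.0.0.22 bobb 0x6
2024-05-01T10:30:00 10.0.0.22 bob 0x0
"""

def parse(text):
    """Yield (timestamp, source_ip, account, status) from the simplified records."""
    for line in text.splitlines():
        ts, ip, user, status = line.split()
        yield datetime.fromisoformat(ts), ip, user.lower(), status.lower()

def find_enumeration(text, window=timedelta(seconds=60), min_users=5):
    """Return {source_ip: accounts} for sources that requested TGTs for at least
    min_users distinct unknown accounts inside one sliding time window."""
    by_ip = defaultdict(list)
    for ts, ip, user, status in parse(text):
        if status == "0x6":              # only lookups of nonexistent principals
            by_ip[ip].append((ts, user))
    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1               # drop hits older than the window
            users = {u for _, u in hits[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged

if __name__ == "__main__":
    for ip, users in find_enumeration(SAMPLE_EVENTS).items():
        print(f"possible Kerberos user enumeration from {ip}: {', '.join(users)}")
```

A single mistyped username (10.0.0.22 in the sample) stays below the threshold, so tune `min_users` and `window` against the normal rate of 0x6 results in your environment.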

***

### **Kerbrute Installation**

1. Download a precompiled binary for your OS - <https://github.com/ropnop/kerbrute/releases>
2. Rename `kerbrute_linux_amd64` to `kerbrute`
3. `chmod +x kerbrute` - make kerbrute executable

***

### **Enumerating Users with Kerbrute**

Enumerating users allows you to know which user accounts are on the target domain and which accounts could potentially be used to access the network.

1. `cd` into the directory where you put Kerbrute
2. Download the wordlist to enumerate with [here](https://github.com/Cryilllic/Active-Directory-Wordlists/blob/master/User.txt)
3. `./kerbrute userenum --dc CONTROLLER.local -d CONTROLLER.local User.txt` - This will brute-force user accounts against a domain controller using the supplied wordlist

