In order to use Kerbrute to enumerate the users, you will also need to download the provided User List and Password List which you can get from Sq00ky's repo attacktive-directory-tools.
What command within Kerbrute will allow us to enumerate valid usernames?
{% hint style="warning" %} HINT: ./kerbrute -h may help you {% endhint %}
Kerbrute bruteforces and enumerates valid Active Directory accounts through Kerberos Pre-Authentication. The following command will attempt to enumerate valid usernames given a list of usernames to try:
{% code title="kerbrute" %}
kerbrute userenum -d domain.tld usernames.txt
{% endcode %}
Reveal Flag 🚩
🚩userenum
(These should jump out at you)
Reveal Flag 🚩
🚩svc-admin
(These should jump out at you)
Reveal Flag 🚩
🚩backup