krb5-enum-users
脚本使用类型:
portrule
脚本所属分类:
auth, intrusive
脚本下载地址: http://nmap.org/svn/scripts/krb5-enum-users.nse
Discovers valid usernames by brute force querying likely usernames against a Kerberos service. When an invalid username is requested the server will responde using the Kerberos error code KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, allowing us to determine that the user name was invalid. Valid user names will illicit either the TGT in a AS-REP response or the error KRB5KDC_ERR_PREAUTH_REQUIRED, signaling that the user is required to perform pre authentication.
The script should work against Active Directory and ? It needs a valid Kerberos REALM in order to operate.
this argument is required as it supplies the script with the Kerberos REALM against which to guess the user names.
执行格式
nmap -p 88 --script krb5-enum-users --script-args krb5-enum-users.realm='test'
PORT STATE SERVICE REASON 88/tcp open kerberos-sec syn-ack | krb5-enum-users: | Discovered Kerberos principals | administrator@test | mysql@test |_ tomcat@test
Author: Patrik Karlsson
License: VER007 整理 http://www.ver007.com