# Using enum4linuxenum4linux-Uip|grep"user:"|cut-f2-d"["|cut-f1-d"]"# Using rpcclientrpcclient-U""-Nip# Using CrackMapExec --users Flagcrackmapexecsmbip--users
Gathering Users with LDAP Anonymous
# Using ldapsearchldapsearch-hip-x-b"DC=DOMAIN,DC=LOCAL"-ssub"(&(objectclass=user))"|grepsAMAccountName:|cut-f2-d" "# Using windapsearch./windapsearch.py--dc-ipip-u""-U
Enumerating Users with Kerbrute
# Kerbrute User Enumerationkerbruteuserenum-ddomain.local--dcip/opt/jsmith.txt
User Enumeration with Valid Credentials
# Using CrackMapExec with Valid Credentialssudocrackmapexecsmbip-ueren-ppass--users