Just a quick post regarding creating username lists.
Often during an engagement if you have discovered a service that is brute-force able such as smb then it would be advantageous to create a semi-valid username list. We can do this fairly easily with the harvester. Once we have this list we probably want to manipulate the forname and surname to create a valid username to suit our target. I came across this python script which quickly gives us the output we need. Full props to Harold Rodriguez superkojiman for his code: https://gist.github.com/superkojiman/11076951. I have found that just removing the various outputs that you don’t want works best if you know the target username combination, and if you don’t run with all options. I’ve found the password/username spraying technique with a single password works best and is the smart option to avoid account lockouts.
#!/usr/bin/env python import sys if __name__ == "__main__": if len(sys.argv) != 2: print "usage: %s names.txt" % (sys.argv) sys.exit(0) for line in open(sys.argv): name = ''.join([c for c in line if c == " " or c.isalpha()]) tokens = name.lower().split() fname = tokens lname = tokens[-1] print fname + lname # johndoe print lname + fname # doejohn print fname + "." + lname # john.doe print lname + "." + fname # doe.john print lname + fname # doej print fname + lname # jdoe print lname + fname # djoe print fname + "." + lname # j.doe print lname + "." + fname # d.john print fname # john print lname # joe