Just a quick post regarding creating username lists.

Often during an engagement, if you have discovered a service that is brute-forceable, such as SMB, it is advantageous to create a semi-valid username list. We can do this fairly easily with theHarvester. Once we have this list, we probably want to manipulate the forename and surname to create a valid username to suit our target. I came across this Python script which quickly gives us the output we need. Full props to Harold Rodriguez (superkojiman) for his code: https://gist.github.com/superkojiman/11076951. I have found that just removing the various outputs that you don't want works best if you know the target username combination, and if you don't, run with all options. I've found the password/username spraying technique with a single password works best and is the smart option to avoid account lockouts.

    #!/usr/bin/env python3
    import sys

    if __name__ == "__main__":
        if len(sys.argv) != 2:
            print("usage: %s names.txt" % (sys.argv[0]))
            sys.exit(0)

        for line in open(sys.argv[1]):
            # keep only letters and spaces, then split into name tokens
            name = ''.join([c for c in line if c == " " or c.isalpha()])
            tokens = name.lower().split()
            if not tokens:
                continue  # skip blank lines instead of crashing on tokens[0]
            fname = tokens[0]
            lname = tokens[-1]

            print(fname + lname)           # johndoe
            print(lname + fname)           # doejohn
            print(fname + "." + lname)     # john.doe
            print(lname + "." + fname)     # doe.john
            print(lname + fname[0])        # doej
            print(fname[0] + lname)        # jdoe
            print(lname[0] + fname)        # djohn
            print(fname[0] + "." + lname)  # j.doe
            print(lname[0] + "." + fname)  # d.john
            print(fname)                   # john
            print(lname)                   # doe
