Attempting to use Kerberos with a ccache and -k -no-pass appears to not be working. After reading #141 I updated my BloodHound.py to 1.7.2 and reattempted using an obtained ticket but got the same errors:
KRB5CCNAME=<user>.ccache proxychains bloodhound-python -d <target domain> --zip -c All --dns-tcp -ns <DC IP> -dc <DC FQDN> -gc <DC FQDN> -k -no-pass
Traceback (most recent call last):
File "/home/jkl/.local/bin/bloodhound-python", line 8, in <module>
sys.exit(main())
File "/home/jkl/.local/pipx/venvs/bloodhound/lib/python3.10/site-packages/bloodhound/__init__.py", line 297, in main
auth = ADAuthentication(username=args.username, password=args.password, domain=args.domain, auth_method=args.auth_method)
File "/home/jkl/.local/pipx/venvs/bloodhound/lib/python3.10/site-packages/bloodhound/ad/authentication.py", line 55, in __init__
if '@' in self.username:
TypeError: argument of type 'NoneType' is not iterable
It looks like when specifying -k -no-pass and providing a ccache in KRB5CCNAME, bloodhound-python isn't using the ticket. If I then specify -u <UPN>, I get prompted for a password despite using -no-pass:
Attempting to use Kerberos with a ccache and
-k -no-pass
appears to not be working. After reading #141 I updated my BloodHound.py to 1.7.2 and reattempted using an obtained ticket but got the same errors:It looks like when specifying
-k -no-pass
and providing a ccache inKRB5CCNAME
,bloodhound-python
isn't using the ticket. If I then specify-u <UPN>
, I get prompted for a password despite using-no-pass
: