Feature request: Kerberos authentication

[tuv7041]

Hi! First of all, thank you for an awesome tool. Windapsearch and Impacket are by far the most useful tools for pentesting Windows from Linux machines. One thing it would be great to have is the option of using kerberos authentication instead of pass-the-hash. Pass the hash has been great, but most of the SOCs now detect legacy ntlm authentication as an IOC, and over pass the hash fixes this issue. I can get the tickets through Impacket, but it would be great being able to use them with windapsearch.

Thanks!

[ropnop]

This is definitely something I’d love as well. It would require implementing Kerberos in the underlying go-ldap package I use. Not impossible (I got a PR merged in there to support NTLM), but it’s quite a bit more work. But I will add it to the backlog!