ropnop / kerbrute

A tool to perform Kerberos pre-auth bruteforcing
Apache License 2.0
2.64k stars 415 forks source link

Kerbrute erroring out on some accounts #42

Open ad0nis opened 3 years ago

ad0nis commented 3 years ago

Receiving the following error on some specific accounts when password spraying - believe this may point towards some protection in client environment, but haven't yet confirmed.

[Root cause: KDC_Error] KDC_Error: AS Exchange Error: kerberos error response from KDC: KRB Error: (14) KDC_ERR_ETYPE_NOSUPP KDC has no support for encryption type

Would it be possible to have the script skip this error, try a different (higher-security?) encryption type, or otherwise log the accounts as being in a different state, and proceed with the rest of the spray?

br1337 commented 2 years ago

Receiving the following error on some specific accounts when password spraying - believe this may point towards some protection in client environment, but haven't yet confirmed.

[Root cause: KDC_Error] KDC_Error: AS Exchange Error: kerberos error response from KDC: KRB Error: (14) KDC_ERR_ETYPE_NOSUPP KDC has no support for encryption type

Would it be possible to have the script skip this error, try a different (higher-security?) encryption type, or otherwise log the accounts as being in a different state, and proceed with the rest of the spray?

Yeap, approve this problem but there is solution. Just added to errors.go if strings.Contains(eString, " KDC_Error: AS Exchange Error") { return true, "2FA Enabled" } and problem solved