search

ropnop / kerbrute

A tool to perform Kerberos pre-auth bruteforcing
Apache License 2.0
2.57k stars 415 forks source link

Kerbrute running into Encoding Error #45

Open AtomicMaya opened 2 years ago

AtomicMaya commented 2 years ago

Hi!

I'm walking about the attacktive directory room on THM, and in the section about kerbrute, I'm getting these outputs:

root@ip-[redacted]:~# sudo ./kerbrute userenum -v --dc spookysec.local -d spookysec.local userlist.txt -t 10

    __             __               __     
   / /_____  _____/ /_  _______  __/ /____ 
  / //_/ _ \/ ___/ __ \/ ___/ / / / __/ _ \
 / ,< /  __/ /  / /_/ / /  / /_/ / /_/  __/
/_/|_|\___/_/  /_.___/_/   \__,_/\__/\___/                                        

Version: v1.0.3 (9dad6e1) - 12/04/21 - Ronnie Flathers @ropnop

2021/12/04 20:06:34 >  Using KDC(s):
2021/12/04 20:06:34 >   spookysec.local:88

2021/12/04 20:06:44 >  [!] david@spookysec.local - [Root cause: Encoding_Error] Encoding_Error: failed to unmarshal KDC's reply: asn1: syntax error: sequence truncated
2021/12/04 20:06:44 >  [!] mike@spookysec.local - [Root cause: Encoding_Error] Encoding_Error: failed to unmarshal KDC's reply: asn1: syntax error: sequence truncated
2021/12/04 20:06:44 >  [!] admin@spookysec.local - [Root cause: Encoding_Error] Encoding_Error: failed to unmarshal KDC's reply: asn1: syntax error: sequence truncated
2021/12/04 20:06:44 >  [!] NULL@spookysec.local - [Root cause: Encoding_Error] Encoding_Error: failed to unmarshal KDC's reply: asn1: syntax error: sequence truncated
2021/12/04 20:06:44 >  [!] 2000@spookysec.local - [Root cause: Encoding_Error] Encoding_Error: failed to unmarshal KDC's reply: asn1: syntax error: sequence truncated
2021/12/04 20:06:44 >  [!] john@spookysec.local - [Root cause: Encoding_Error] Encoding_Error: failed to unmarshal KDC's reply: asn1: syntax error: sequence truncated
2021/12/04 20:06:44 >  [!] robert@spookysec.local - [Root cause: Encoding_Error] Encoding_Error: failed to unmarshal KDC's reply: asn1: syntax error: sequence truncated
2021/12/04 20:06:44 >  [!] michael@spookysec.local - [Root cause: Encoding_Error] Encoding_Error: failed to unmarshal KDC's reply: asn1: syntax error: sequence truncated

I've had this first come up on the AttackBox and was able to replicate on a Kali machine.

I don't know if that's on your end, but good luck!

anon-0racle commented 2 years ago

I am also getting the same error, both on the most recent version and previous versions.

Not sure what to do with the THM room until this is fixed, if anyone has any solutions I would appreciate it!

SimonBrazda commented 2 years ago

I have encountered the same issue. Adding the domain name to my hosts file resolved it. echo "<target-ip>\tspookysec.local" >> /etc/hosts

anon-0racle commented 2 years ago

Can confirm @SimonBrazda has the correct fix. I used the GUI to edit the hosts file and added the targets IP with "spookysec.local" next to it, saved it and ran kerbrute without any encoding errors! Simple fix this, thank you!

GIJosh2687 commented 2 years ago

<IP> <TAB> spookysec.local Add this line to your /etc/hosts

Same solution, another way to say it.

jpc0016 commented 2 years ago

@SimonBrazda has the correct fix. Could close this issue now if needed. Or a feature could be added to return helpful error output.

abdussaboor commented 2 years ago

adding to hosts file has not resolved the issue for some reason.