ropnop / kerbrute

A tool to perform Kerberos pre-auth bruteforcing
Apache License 2.0
2.64k stars 415 forks source link

Pass the Hash Support for testing credentials #67

Open Utkar5hM opened 1 year ago

Utkar5hM commented 1 year ago

I'm still going through how things work out so I can polish out code. I don't know a lot about how kerberos works authentication works in detail. Like I've yet to figure out why it expected a KVNO of 2 and why hardcoding it worked.

I'm still looking into if there is any better way to set the options to use etype than to set defaults in k.Config.LibDefaults.

Tested this against APT machine on hackthebox and it seems to work smoothly for rc4-hmac.

resolves #38

A1vinSmith commented 1 year ago

This is a great feature, Thank you!

I'll try it.

A1vinSmith commented 1 year ago

Working well!

~/kerbrute/kerbrute-arm64 bruteuser -d htb.local --dc apt.htb hash.list henry.vinson --etype rc4-hmac

    __             __               __     
   / /_____  _____/ /_  _______  __/ /____ 
  / //_/ _ \/ ___/ __ \/ ___/ / / / __/ _ \
 / ,< /  __/ /  / /_/ / /  / /_/ / /_/  __/
/_/|_|\___/_/  /_.___/_/   \__,_/\__/\___/                                        

Version: dev (n/a) - 10/31/23 - Ronnie Flathers @ropnop

2023/10/31 17:01:27 >  Using KDC(s):
2023/10/31 17:01:27 >   apt.htb:88

2023/10/31 17:01:33 >  [+] VALID LOGIN:  henry.vinson@a.x:c
2023/10/31 17:01:38 >  Done! Tested 2 logins (1 successes) in 10.929 seconds