nccgroup / berserko Goto Github PK

While trying to test domain settings I get this type of error.

Connected to port 88, but failed to contact Kerberos service: No LoginModule found for com.sun.security.auth.module.Krb5LoginModule

This seems to work few moths ago.

My env:

OS:
Linux kali-i3 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux

Java:
openjdk version "11.0.3" 2019-04-16
OpenJDK Runtime Environment (build 11.0.3+1-Debian-1)
OpenJDK 64-Bit Server VM (build 11.0.3+1-Debian-1, mixed mode, sharing)

Burp:
2.0.20beta Pro

Thanks in advance

java.lang.ClassNotFoundException: burp.BurpExtender
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at burp.lqb.a(Unknown Source)
at burp.lqb.(Unknown Source)
at burp.uqg.a(Unknown Source)
at burp.xue.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)

I'm using Berserko 1.2 with Burp 2020.5.1 on Windows
After a fresh install of the extension I configured the "domain settings" but when I tried to "test domain settings" I had a warning about a missing krb5.conf file. I created it with the button but I didn't notice it at first.
Would it be possible to create it automatically by default when there's none?

Hi, my target is an internal application and I had to setup SSH port forwarding of two ports: 443/tcp and 88/tcp.
The nmap is able to connect and verify users: nmap -p 88 --script=krb5-enum-users <skip>

However, the plugin fails to "test domain settings" and fails to start eventually:

2020-12-21 12:09:00.282: Loaded config...
Domain DNS Name     : mybox.local
KDC Host            : 127.0.0.1
Username            : XXX
Password            : 
Save password       : false
Everything in scope : false
Domain in scope     : true
Hosts in scope      : app.mybox.local
Include plainhosts  : true
Ignore NTLM servers : false
Alert level         : 1
Logging level       : 1
Auth strategy       : PROACTIVE
Kerberos authentication disabled
Kerberos Authentication version 1.0
Kerberos authentication enabled
Unexpected error when testing connectivity to KDC: Connection refused (Connection refused)
Unexpected error when making test Kerberos request to KDC: ICMP Port Unreachable

I haven't check the source code, but is ICMP probe really mandatory? Can make it optional please?

Is it possible to modify this plugin to support multiple authentications at the same time? Kind of like the cookie jar but for kerberos tickets.

Hey, thank you for this amazing plugin!

Today I've had problem with authorization in web application. Server stored usernames in uppercase, but plugin was sending lowercase. I've tried to change username to uppercase, but it still remained same. Then I looked in source code and discovered that it is always lowercase. When I modified line 464 and removed "toLowerCase" function it worked as expected.
It would be nice to have option to use username "as it is".

Looks like libdefaults section of krb5.conf file only supports forwardable switch out of https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html. Just wanted to confirm if this is true.

Berserko doesn't seem to work in latest Burp - no headers are added, and the following exception appears in error output:
java.lang.ClassNotFoundException: com.sun.security.jgss.ExtendedGSSContext

No option to select Kerberos as auth method when setting up Upstream proxy.
Tried "None" with Kerberos enabled in Beresko - didn't work.
Any hints on how to get this working?
v1.7.22 Burp.

Hi

It looks like this version of the extension is significantly ahead of the published BApp Store version.

If you'd like to update the extension in the BApp Store, please create a pull request against the PortSwigger fork of your extension and drop us an email at [email protected]

Provides an error for that the KDC appears to be correct but the DNS name is not.

Is there a way to leverage a keytab or ticket somehow launching burp form the command line or with your tool somehow, I tried specifying a keytab file in the conf file but it is ignoring it? I know I could use mimikatz to inject a ticket and use runas and do some other fancy things but I'm trying to avoid that to isolate OS from the situation.