kerbrute's Introduction

kerbrute

An script to perform kerberos bruteforcing by using the Impacket library.

When is executed, as input it receives a user or list of users and a password or list of password. Then is performs a brute-force attack to enumerate:

Valid username/passwords pairs
Valid usernames
Usernames without pre-authentication required

As a result, the script generates a list of valid credentials discovered, and the TGT's generated due those valid credentials.

Installation

From pypi:

pip3 install kerbrute

From repo:

git clone https://github.com/TarlogicSecurity/kerbrute
cd kerbrute
pip install -r requirements.txt

Use

Help without arguments:

root@kali:~# kerbrute
Impacket v0.9.18 - Copyright 2018 SecureAuth Corporation

usage: kerbrute.py [-h] [-debug] (-user USER | -users USERS)
                   [-password PASSWORD | -passwords PASSWORDS] -domain DOMAIN
                   [-dc-ip <ip_address>] [-threads THREADS]
                   [-outputfile OUTPUTFILE] [-no-save-ticket]

optional arguments:
  -h, --help            show this help message and exit
  -debug                Turn DEBUG output ON
  -user USER            User to perform bruteforcing
  -users USERS          File with user per line
  -password PASSWORD    Password to perform bruteforcing
  -passwords PASSWORDS  File with password per line
  -domain DOMAIN        Domain to perform bruteforcing
  -dc-ip <ip_address>   IP Address of the domain controller
  -threads THREADS      Number of threads to perform bruteforcing. Default = 1
  -outputfile OUTPUTFILE
                        File to save discovered user:password
  -no-save-ticket       Do not save retrieved TGTs with correct credentials

Examples: 
	./kerbrute.py -users users_file.txt -passwords passwords_file.txt -domain contoso.com

Example of execution:

root@kali:~# kerbrute -domain jurassic.park -users users.txt -passwords passwords.txt -outputfile jurassic_passwords.txt
Impacket v0.9.18 - Copyright 2018 SecureAuth Corporation

[*] Stupendous => triceratops:Sh4rpH0rns
[*] Saved TGT in triceratops.ccache
[*] Valid user => velociraptor [NOT PREAUTH]
[*] Valid user => trex
[*] Saved discovered passwords in jurassic_passwords.txt

kerbrute's Issues

SessionKeyDecryptionError

Traceback (most recent call last):
File "kerbrute.py", line 31, in
from impacket.krb5.kerberosv5 import getKerberosTGT, KerberosError, SessionKeyDecryptionError
ImportError: cannot import name SessionKeyDecryptionError

UnicodeDecodeError on Kali

I'm unable to run kerbrute, neither with python3 or python3.9, i got:

Traceback (most recent call last):
  File "/home/kali/kerbrute/kerbrute.py", line 4, in <module>
    kerbrute.main()
  File "/home/kali/kerbrute/kerbrute/main.py", line 100, in main
    args = parser.parse_args()
  File "/home/kali/kerbrute/kerbrute/main.py", line 80, in parse_args
    args.passwords = self._get_file_lines(args.passwords)
  File "/home/kali/kerbrute/kerbrute/main.py", line 92, in _get_file_lines
    return [line.strip('\r\n') for line in fi]
  File "/home/kali/kerbrute/kerbrute/main.py", line 92, in <listcomp>
    return [line.strip('\r\n') for line in fi]
  File "/usr/lib/python3.9/codecs.py", line 322, in decode
    (result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf1 in position 933: invalid continuation byte

Also installing through pip i get same error :-(

Erorr when trying right user&pass pair against krb5-kdc

As I was getting to know how to use this i wanted to test it against just few users (knowing which are good and which wrong) and few passwords (with one right).

Discovering users work fine, but I always get "no password discovered" even though I know there is one correct pair.

After adding -debug, and get an error:

[+] Error trying correctUser:correctPassword <TagSet object, tags 0:32:16-64:32:26> not in asn1Spec: <EncASRepPart schema object, tagSet=<TagSet object, tags 0:32:16-64:32:25>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type key=<EncryptionKey schema object, tagSet=<TagSet object, tags 0:32:16-128:32:0>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type keytype=<Int32 schema object, tagSet <TagSet object, tags 0:0:2-128:32:0>, subtypeSpec <ConstraintsIntersection object, consts <ValueRangeConstraint object, consts -2147483648, 2147483647>>>>, <NamedType object, type keyvalue=<OctetString schema object, tagSet <TagSet object, tags 0:0:4-128:32:1>, encoding iso-8859-1>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type last-req=<LastReq schema object, tagSet=<TagSet object, tags 0:32:16-128:32:1>, subtypeSpec=<ConstraintsIntersection object>, componentType=<Sequence schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type lr-type=<Int32 schema object, tagSet <TagSet object, tags 0:0:2-128:32:0>, subtypeSpec <ConstraintsIntersection object, consts <ValueRangeConstraint object, consts -2147483648, 2147483647>>>>, <NamedType object, type lr-value=<KerberosTime schema object, tagSet <TagSet object, tags 0:0:24-128:32:1>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type nonce=<UInt32 schema object, tagSet <TagSet object, tags 0:0:2-128:32:2>>>, <OptionalNamedType object, type key-expiration=<KerberosTime schema object, tagSet <TagSet object, tags 0:0:24-128:32:3>, encoding us-ascii>>, <NamedType object, type flags=<TicketFlags schema object, tagSet <TagSet object, tags 0:0:3-128:32:4>>>, <NamedType object, type authtime=<KerberosTime schema object, tagSet <TagSet object, tags 0:0:24-128:32:5>, encoding us-ascii>>, <OptionalNamedType object, type starttime=<KerberosTime schema object, tagSet <TagSet object, tags 0:0:24-128:32:6>, encoding us-ascii>>, <NamedType object, type endtime=<KerberosTime schema object, tagSet <TagSet object, tags 0:0:24-128:32:7>, encoding us-ascii>>, <OptionalNamedType object, type renew-till=<KerberosTime schema object, tagSet <TagSet object, tags 0:0:24-128:32:8>, encoding us-ascii>>, <NamedType object, type srealm=<Realm schema object, tagSet <TagSet object, tags 0:0:27-128:32:9>, encoding iso-8859-1>>, <NamedType object, type sname=<PrincipalName schema object, tagSet=<TagSet object, tags 0:32:16-128:32:10>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type name-type=<Int32 schema object, tagSet <TagSet object, tags 0:0:2-128:32:0>, subtypeSpec <ConstraintsIntersection object, consts <ValueRangeConstraint object, consts -2147483648, 2147483647>>>>, <NamedType object, type name-string=<SequenceOf schema object, tagSet=<TagSet object, tags 0:32:16-128:32:1>, subtypeSpec=<ConstraintsIntersection object>, componentType=<KerberosString schema object, tagSet <TagSet object, tags 0:0:27>, encoding iso-8859-1>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type caddr=<HostAddresses schema object, tagSet=<TagSet object, tags 0:32:16-128:32:11>, subtypeSpec=<ConstraintsIntersection object>, componentType=<HostAddress schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type addr-type=<Int32 schema object, tagSet <TagSet object, tags 0:0:2-128:32:0>, subtypeSpec <ConstraintsIntersection object, consts <ValueRangeConstraint object, consts -2147483648, 2147483647>>>>, <NamedType object, type address=<OctetString schema object, tagSet <TagSet object, tags 0:0:4-128:32:1>, encoding iso-8859-1>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type encrypted_pa_data=<METHOD_DATA schema object, tagSet=<TagSet object, tags 0:32:16-128:32:12>, subtypeSpec=<ConstraintsIntersection object>, componentType=<PA_DATA schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type padata-type=<Int32 schema object, tagSet <TagSet object, tags 0:0:2-128:32:1>, subtypeSpec <ConstraintsIntersection object, consts <ValueRangeConstraint object, consts -2147483648, 2147483647>>>>, <NamedType object, type padata-value=<OctetString schema object, tagSet <TagSet object, tags 0:0:4-128:32:2>, encoding iso-8859-1>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>

I am running it on clean, freshly installed deb10, with locally hosted krb5-kdc. Kerbrute was installed via pip3.

Got any idea what can be the problem and how to solve it?

Wrong version

Hi,

i have installed Kerbrute on Kali Linux, but the version is old and thus does not work correctly, is the repository outdated?

Recommend Projects

tarlogicsecurity / kerbrute Goto Github PK

kerbrute's Introduction

kerbrute

Installation

Use

kerbrute's People

Contributors

Stargazers

Watchers

Forkers

kerbrute's Issues

SessionKeyDecryptionError

UnicodeDecodeError on Kali

Erorr when trying right user&pass pair against krb5-kdc

Wrong version

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent