Home
Forums
New posts
Search forums
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Search forums
Menu
Log in
Register
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Home
Forums
CARDING & HACKING
Hacking Tools
A Tool To Perform Kerberos Pre-Auth Bruteforcing
Message
<blockquote data-quote="Icemane" data-source="post: 332" data-attributes="member: 8"><p><strong>A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication</strong></p><p><strong>Grab the latest binaries from the releases page to get started.</strong></p><p><strong></strong></p><p><strong>Background</strong></p><p><strong></strong></p><p><strong>This tool grew out of some bash scripts I wrote a few years ago to perform bruteforcing using the Heimdal Kerberos client from Linux. I wanted something that didn't require privileges to install a Kerberos client, and when I found the amazing pure Go implementation of Kerberos gokrb5, I decided to finally learn Go and write this.</strong></p><p><strong>Bruteforcing Windows passwords with Kerberos is much faster than any other approach I know of, and potentially stealthier since pre-authentication failures do not trigger that "traditional" An account failed to log on event 4625. With Kerberos, you can validate a username or test a login by only sending one UDP frame to the KDC (Domain Controller)</strong></p><p><strong>For more background and information, check out my Troopers 2019 talk, Fun with LDAP and Kerberos (link TBD).</strong></p><p><strong></strong></p><p><strong>Usage</strong></p><p><strong></strong></p><p><strong>Kerbrute has three main commands:</strong></p><p><strong></strong></p><p><strong>bruteuser - Bruteforce a single user's password from a wordlist</strong></p><p><strong>passwordspray - Test a single password against a list of users</strong></p><p><strong>usernenum - Enumerate valid domain usernames via Kerberos</strong></p><p><strong></strong></p><p><strong>A domain (-d) or a domain controller (--dc) must be specified. If a Domain Controller is not given the KDC will be looked up via DNS.</strong></p><p><strong>By default, Kerbrute is multithreaded and uses 10 threads. This can be changed with the -t option.</strong></p><p><strong>Output is logged to stdout, but a log file can be specified with -o.</strong></p><p><strong>By default, failures are not logged, but that can be changed with -v.</strong></p><p><strong>Lastly, Kerbrute has a --safe option. When this option is enabled, if an account comes back as locked out, it will abort all threads to stop locking out any other accounts.</strong></p></blockquote><p></p>
[QUOTE="Icemane, post: 332, member: 8"] [B]A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication Grab the latest binaries from the releases page to get started. Background This tool grew out of some bash scripts I wrote a few years ago to perform bruteforcing using the Heimdal Kerberos client from Linux. I wanted something that didn't require privileges to install a Kerberos client, and when I found the amazing pure Go implementation of Kerberos gokrb5, I decided to finally learn Go and write this. Bruteforcing Windows passwords with Kerberos is much faster than any other approach I know of, and potentially stealthier since pre-authentication failures do not trigger that "traditional" An account failed to log on event 4625. With Kerberos, you can validate a username or test a login by only sending one UDP frame to the KDC (Domain Controller) For more background and information, check out my Troopers 2019 talk, Fun with LDAP and Kerberos (link TBD). Usage Kerbrute has three main commands: bruteuser - Bruteforce a single user's password from a wordlist passwordspray - Test a single password against a list of users usernenum - Enumerate valid domain usernames via Kerberos A domain (-d) or a domain controller (--dc) must be specified. If a Domain Controller is not given the KDC will be looked up via DNS. By default, Kerbrute is multithreaded and uses 10 threads. This can be changed with the -t option. Output is logged to stdout, but a log file can be specified with -o. By default, failures are not logged, but that can be changed with -v. Lastly, Kerbrute has a --safe option. When this option is enabled, if an account comes back as locked out, it will abort all threads to stop locking out any other accounts.[/B] [/QUOTE]
Name
Verification
Post reply
Home
Forums
CARDING & HACKING
Hacking Tools
A Tool To Perform Kerberos Pre-Auth Bruteforcing
Top