Kerberos asrep roasting improvements #19338

Merged


adfoster-r7
Contributor

Makes improvements to the asrep roasting module

Bug fix:

[+] [2024.07.22-23:57:58] Workspace:test Beginning step 1/1 Scanning 192.168.123.133-192.168.123.133 - Progress: 0%
[*] [2024.07.22-23:57:58] Using domain: DEMO.LOCAL - 192.168.123.133:88   ...
[*] [2024.07.22-23:57:58] 192.168.123.133 - User: "user1" user not found
[+] [2024.07.22-23:57:58] 192.168.123.133 - User: "vagrant" is present
[!] [2024.07.22-23:57:58] 192.168.123.133:88    - LOGIN FAILED: {:private_data=>nil, :private_type=>:password, :username=>"test_user", :realm_key=>"Active Directory Domain", :realm_value=>"DEMO.LOCAL"} - Unhandled error - scan may not produce correct results: undefined method `find' for nil:NilClass

              etype_entries = pa_data.find {|entry| entry.type == Rex::Proto::Kerberos::Model::PreAuthType::PA_ETYPE_INFO2}
                                     ^^^^^ - 
[+] [2024.07.22-23:57:58] 192.168.123.133 - User: "administrator" is present
[*] [2024.07.22-23:57:58] Complete (0 sessions opened) auxiliary/gather/kerberos_enumusers
[+] [2024.07.22-23:57:58] Workspace:test Task Completed - Progress: 100%

Verification

  • Create an ASREP roastable account in your AD environment


  • Verify gather/asrep and gather/kerberos_enumusers can detect this user account
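
An added example, not part of the pull request or of Metasploit's code: for the verification step above, an account is AS-REP roastable when "Do not require Kerberos preauthentication" (userAccountControl bit 0x400000) is set, so a directory export can be audited for that bit. The LDIF sample, account names and function names are constructed for illustration.

```ruby
# Added example, not Metasploit code: audit an LDIF export for accounts that
# do not require Kerberos pre-authentication (the AS-REP roastable setting).
UF_ACCOUNTDISABLE       = 0x0000_0002 # account is disabled
UF_DONT_REQUIRE_PREAUTH = 0x0040_0000 # "Do not require Kerberos preauthentication"

# Constructed sample export; account names and values are illustrative only.
SAMPLE_LDIF = <<~LDIF
  dn: CN=user1,CN=Users,DC=demo,DC=local
  sAMAccountName: user1
  userAccountControl: 512

  dn: CN=svc_legacy,CN=Users,DC=demo,DC=local
  sAMAccountName: svc_legacy
  userAccountControl: 4194816

  dn: CN=old_admin,CN=Users,DC=demo,DC=local
  sAMAccountName: old_admin
  userAccountControl: 4194818

  dn: CN=broken,CN=Users,DC=demo,DC=local
  sAMAccountName: broken
LDIF

# Split the export into one attribute hash per entry (first value wins).
# Simplification: base64 ("attr:: ...") values and folded lines are not decoded.
def parse_ldif(text)
  text.split(/\n\s*\n/).map do |block|
    block.each_line.each_with_object({}) do |line, entry|
      key, value = line.chomp.split(/:\s*/, 2)
      entry[key] ||= value unless key.nil? || key.empty? || value.nil?
    end
  end.reject(&:empty?)
end

# Classify entries. A missing or non-numeric userAccountControl is reported as
# unparsed rather than skipped, so one bad record cannot hide from the audit.
def audit_preauth(entries)
  entries.each_with_object({ roastable: [], disabled_roastable: [], unparsed: [] }) do |e, out|
    name = e['sAMAccountName'] || e['dn']
    uac = Integer(e['userAccountControl'].to_s, 10, exception: false)
    if uac.nil?
      out[:unparsed] << name
    elsif (uac & UF_DONT_REQUIRE_PREAUTH) != 0
      key = (uac & UF_ACCOUNTDISABLE).zero? ? :roastable : :disabled_roastable
      out[key] << name
    end
  end
end

puts audit_preauth(parse_ldif(SAMPLE_LDIF)).inspect if __FILE__ == $PROGRAM_NAME
```

Accounts listed under `roastable` are enabled and should either have pre-authentication re-enabled or carry a long random password; `disabled_roastable` entries matter if the account is ever re-enabled.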

@adfoster-r7 adfoster-r7 force-pushed the kerberos-asrep-roasting-improvements branch from 422a42a to 89cf022 Compare July 24, 2024 17:01
if user_file.blank? && username.blank?
fail_with(Msf::Module::Failure::BadConfig, 'User file or username must be specified when brute forcing')
end
if username.present?
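Review bot: The guard `if user_file.blank? && username.blank?` only rejects the case where neither input is set, and the lines shown do not say what happens when both a user file and a single username are supplied. If the username is meant to be tried in addition to the file entries, state that in the option descriptions or the module documentation. The `fail_with` message would also be more actionable if it named the datastore options the user has to set instead of the generic 'User file or username'.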
Contributor Author


Paper trail: I was aligning this module to more closely align with how login scanners work, where you can provide a user file, or a username.

This might be confusing for the auth scenario to LDAP - we can revert this change if so 👍

@adfoster-r7 adfoster-r7 merged commit 8f472b9 into rapid7:master Jul 24, 2024
64 of 65 checks passed
@adfoster-r7 adfoster-r7 deleted the kerberos-asrep-roasting-improvements branch July 24, 2024 17:12
@adfoster-r7 adfoster-r7 added the rn-enhancement release notes enhancement label Jul 24, 2024
@adfoster-r7
Contributor Author

Release Notes

Improves error handling and progress tracking in the auxiliary/gather/kerberos_enumusers and gather/asrep modules
