Use Python to perform Kerberos pre-auth brute-forcing
Type Name Latest commit message Commit time
_crypto Add files via upload Jan 3, 2020
pyasn1 Add files via upload Jan 3, 2020
.gitignore
ADPwdSpray.py Add files via upload Jan 3, 2020
EnumADUser.py Add files via upload Jan 3, 2020
LICENSE Initial commit Jan 3, 2020
README.md Update README.md Jan 3, 2020

pyKerbrute

Use Python to quickly brute-force and enumerate valid Active Directory accounts through Kerberos pre-authentication.

Reference:

https://github.com/ropnop/kerbrute

https://github.com/mubix/pykek

PyKerbrute is my exercise in learning Kerberos and Python.

Kerbrute is a good tool to brute-force and enumerate valid Active Directory accounts. It's faster and potentially stealthier, since pre-authentication failures do not trigger the "traditional" event 4625 ("An account failed to log on"). So I tried to implement it with Python. I referred to pykek when writing the Python code.

Kerbrute validates a username or tests a login by sending only one UDP frame to the KDC (Domain Controller). My PyKerbrute adds support for TCP and for the NTLM hash of Active Directory accounts.

EnumADUser.py

Use Kerberos pre-authentication to enumerate valid Active Directory accounts.

Usage:

EnumADUser.py <domainControlerAddr> <domainName> <file> <mode>
<mode>: tcp or udp

E.g.

EnumADUser.py 192.168.1.1 test.com user.txt tcp

ADPwdSpray.py

Use Kerberos pre-authentication to test a single password or NTLM hash against a list of Active Directory accounts.

Usage:

ADPwdSpray.py <domainControlerAddr> <domainName> <file> <passwordtype> <data> <mode>
<mode>: tcp or udp

E.g.

ADPwdSpray.py 192.168.1.1 test.com user.txt clearpassword DomainUser123! tcp

ADPwdSpray.py 192.168.1.1 test.com user.txt ntlmhash e00045bd566a1b74386f5c1e3612921b udp
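
Detection example (added here; not part of pyKerbrute or of this README): a defender-side check for the activity both scripts generate on the domain controller. It assumes failure auditing for Kerberos Authentication Service is enabled, so that AS-REQs for unknown users are logged as event 4768 with status 0x6 and failed pre-authentication as event 4771 with status 0x18; the sample events, IP addresses, thresholds and the function name `detect` are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# (EventID, Status) pairs from the DC Security log that matter here.
KINDS = {
    ("4768", "0x6"): "enumeration",  # TGT request: KDC_ERR_C_PRINCIPAL_UNKNOWN
    ("4771", "0x18"): "spray",       # pre-auth failed: KDC_ERR_PREAUTH_FAILED
}

# Constructed sample events: (EventID, TimeCreated, IpAddress, TargetUserName, Status)
SAMPLE_EVENTS = (
    # One source probing five different names in five seconds.
    [("4768", f"2020-01-03T10:00:0{i}", "10.0.0.50", u, "0x6")
     for i, u in enumerate(["admin", "backup", "svc_sql", "test", "guest1"])]
    # The same source failing one password against four accounts.
    + [("4771", f"2020-01-03T10:05:0{i}", "10.0.0.50", u, "0x18")
       for i, u in enumerate(["alice", "bob", "carol", "dave"])]
    # Benign: a user mistyping a password twice, and one mistyped user name.
    + [("4771", "2020-01-03T09:00:00", "10.0.0.20", "jsmith", "0x18"),
       ("4771", "2020-01-03T09:00:30", "10.0.0.20", "jsmith", "0x18"),
       ("4768", "2020-01-03T09:10:00", "10.0.0.21", "jsmiht", "0x6")]
    # Four accounts from one host, but an hour apart: outside the window.
    + [("4771", f"2020-01-03T1{i}:00:00", "10.0.0.30", u, "0x18")
       for i, u in enumerate(["erin", "frank", "grace", "heidi"])]
)

def detect(events, window=timedelta(minutes=5), min_users=4):
    """Return {(source_ip, kind): max distinct accounts seen in one window}
    for sources that failed against >= min_users accounts within `window`."""
    buckets = defaultdict(list)
    for ev_id, ts, ip, user, status in events:
        kind = KINDS.get((ev_id, status.lower()))
        if kind:
            buckets[(ip, kind)].append((datetime.fromisoformat(ts), user.lower()))
    alerts = {}
    for key, hits in buckets.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the left edge so the span never exceeds the window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            users = {u for _, u in hits[start:end + 1]}
            if len(users) >= min_users:
                alerts[key] = max(alerts.get(key, 0), len(users))
    return alerts

if __name__ == "__main__":
    for (ip, kind), count in detect(SAMPLE_EVENTS).items():
        print(f"{ip}: possible Kerberos {kind}, {count} distinct accounts")
```

Counting distinct target accounts per source, rather than raw failures, keeps a single user's repeated typos from alerting while still catching one-attempt-per-account activity.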