Support for Kerberos TGS etype 17/18 #1384

Open
elitest opened this Issue Oct 4, 2017 · 1 comment

elitest commented Oct 4, 2017

A colleague and I have been researching Kerberos and recently had PRs merged into Invoke-Kerberoast.ps1 (EmpireProject/Empire#725) and GetUserSPNs.py (CoreSecurity/impacket#239) that allow for properly generating AES Kerberoast hashes. While it is not currently common for AES hashes to be encountered in an environment, it is a best practice for administrators to begin configuring accounts with AES, so these hashes should become more common.

Currently hashcat supports etype 23 (RC4). I'm requesting that type 17 (AES-128) and type 18 (AES-256) be supported as well. In the examples below are hashes for AES-128 and AES-256. The password for these hashes is "Weakpass1".

SamAccountName       : aes256_svc
DistinguishedName    : CN=AES 256 Service,OU=Service Accounts,DC=goat,DC=derby,DC=local
ServicePrincipalName : HTTP/client.goat.derby.local:9090
Hash                 : $krb5tgs$18$*aes256_svc$goat.derby.local$HTTP/client.goat.derby.local:9090*$80B149FFB9DCAD067BEBCBBA2D065A69$65FF8BA72C875DCF7431231DCB2AAEE5A013D
                       CF4160D2E9483D91288566EA99D784EDA29C93C1AE999A8911DBAD6891656B20BEEAB1B765BF581AE1E8C244B7E797E875C4A365B068DFDA6FF280DE659FBC8330D645AF1A10471F32
                       A4E92BC60BD34FFFCD5E213E36BA17CD335DA3D9ABB66BB267B24D7A6EAD3513575A44F7B3830C42F77C6A0CE7477D89EA9502CA9ADD500FAB4D3562211EB017C36D5B49818DB25DA6
                       0607BEDB41F1A55E29801AA7A681EB1E8C79EB24FA07E8C6B646A91D0ADF8B3B7266DDF88A08D91FA8755AA23A057DC48801CBA46FB90D8F17B62EA505A408A7BEA8D1044A2C5E8945
                       67305DBF36BAB5CA973E04BE99B6748A611952F3EB19994A9A624F273FCA33D53717478E17B67E3179F7AB4EA6A24F1EFD69F43EFAECD5BB79A0E5C9A91820080874C8B2E407C79A91
                       B545FD7AE796E30B9B28D85169B67571BCEFD23258497BDF5AD75D1F4E572755520E470F8B0854FB0C60A792D48AA1AB2C317A586702BAE4F7EA9308982E2FD1844E02D53502FC4345
                       8AE25204CE917DE0C825D088140AD4110FFAC0C840C00E4CCB0659ABE05C934A35F5BDB220F2ACC724760E4D884B4D26C2E7A92A6924D94E3BDB886C86A4C344B0D3314BF91848D7A6
                       DA74AD7ACE956EC318841788E519045580FDCDF10460F9DDB701E5BA9BD0878FCB82459E3DDB52D29C487B90BAFDC679E581F4305BB888E5DB0559A09BE60CBD3AE8A21C9660D0A95D
                       F19475A83524A8642469A18A4C84235BDD8C4C23C0FEBAA89FEF87C771753BDE5600CA34650D1CA3100174DF8B18CA156B859DB43BA06B1927EDDC5234B901E571F05E030535BD7EE2
                       5E5367EBD06AAF95EF789DEAFCD6F60BD81F5A33CF5FB0EAFF811F72B27155E6C31944F7606A5A99F28FA285E02C15407D22EE0CE3617189489067C4CC6ADCE1C3242E112ABAFF30B5
                       B64DB8716000006AB84D2EE45EBE59CE2D02A336D01235CA56355AA1A67F8BD4DCABF6309372C482430244DD35662A668A3DEF113E040AFD4CA355DB21328EC51384BFCA5348F1F141
                       90E1D0C7372E1C059F8FDCAFBA5146E6273C59F5478BE3C77F365B3DA42D789DAA6D2336866969DA8FCAC83735222BD1B25916D5611F2EC5F2ECEDA05F8B38A958E9BAFF1F6C32142D
                       22F41E853BA255D02C761071E48BC282BA1EDF412DAF2D57E7482878818A7B3783E38B7C2AA594E21D5692B25E7924DAA8F27881CA89608EDF3A726EF1A8CF790033D34A6D09FB1A3F
                       5A63255D9AF0E9E7B1321F53BC8B03770ADAFB5CE1062FCC8E2694D15DE5E198BA6A4C1172E7F3B75E349AD9DFDE5DD5C1A5B11ABAFCA71CB6B4AF02BBCA042B8CE61F40F0416E928A
                       4FF5DD9CEC5969ADF93CBBBB9D1952D7BBF752005980E8AF99AE533A7A62798836774FBFD474AA69E1138A9FCA6424FCF588AEF576E1B84BD60CF134CE78179B9D3DFCD8488DE81A52
                       DE6470627B7962CFB519CEA5B8F4EB676CE18D8A0DB6EB80BB98AB1E1E00743DA1324AFC36CF4D33413F1FB43205EA04B54E26704CEDB248F414CB7EA212F49E513FC656101B2C38EE
                       3155879CF214B963CCF35FD7AD3B58235398499FF661F6505B29B3E72D6FA4D64878A1C9187FA6C780AD2792B858562DFDDC3DE06B800D117B713

SamAccountName       : aes128_svc
DistinguishedName    : CN=AES 128 Service,OU=Service Accounts,DC=goat,DC=derby,DC=local
ServicePrincipalName : HTTP/client.got.derby.local:8085
Hash                 : $krb5tgs$17$*aes128_svc$goat.derby.local$HTTP/client.got.derby.local:8085*$8DB6AAE2E55C2B1FD1A78A34010D36E0$11865E0EC0DE1FFE0C3EF5DEFB692E841E0A93
                       2A8611138F13A323A28703779CFCE10D18619F31A953CAA48EAA9194044AE94DFCF457CF9649B8C64512BD5FA72CA118C50B889BF03FE92622BC7908ECB355F8992080D78ED38968C7
                       0769DAB28608C007C9E21B2DD660022035703F514FBC68D9B88AEA2140B37EC773D17D6B95D54FF9FFAEB5A47243B08DB5B0678C5DC5E3A6FC3D9FBD828EC2430C9969167798A2AF0A
                       200BAB4C2A4277ECF9C6ACC0CCE2B31F8E44C90A3764D783DD33D7A89A7F49FA582525737C73A6A8CC2EED8E85921462120C1A80421A52F804961240F933A3F7D2A4E33256E78D9A02
                       DBBCC19104A929A4D7AE4687E225C34CF5BBA72E4C535C5B9AF1E5C4938B885F2112523B14899484ABCF3843B2A9AFFFBC74203A9B0569CADBDA155229A21E2BFA0352640E99D90F9F
                       02411B0ADE52D3D33B0F69DE2FB527DA881A4564769B7A9FC2D1815E33C549369B2C82AD393A7829F866FE2FC178CD7988AD03E09458C6AB204858347A8FC2A26F1122AD85AD115D43
                       BE55B2121B24A29F432766CA3DD87FBC5DACBB1697F9092253E5295B561E7A81BC73741803D8DD8E0DA45F29BCAD2F03E8EE3283886FCB62179A9AF7463D085C6157CF4288EA179DE8
                       5682BE889360D46A5C421B9F77707DB308AEE380224D404976EA659202B67AC9B2CAD7EA4F3CAC6A7835F78058FBD58E777203F06B4A4C8401BCA023BF4B1E7F6C8F519E516A0A506B
                       9A7D315C9EF1A600AE31F271D8BECB66F6917C51A2467B76BF092C654BB6071502F27E26E533F39AF6240562225897FB17FD12FEA6BE9D6D842662A3B278598326AE885E13380FC443
                       5975F2E08B9DEA4EAF9737A00DF55AC54562C1BC4581CD735A65C56EB093B5EBB0C5A5E9E50331447599DD9CD14C4E71D2780B8969109BC79957537A41A89EA12422BB63824B129907
                       2804B9C291308DFF8352BC42995E62008FB9A261E0AB4BF34CE54D5C21551F06747687FB5FA9AB5582C9A34A4437EAECA4BC8F457032C84666D5CF2130E856D1DCF72F93EAE679B6D3
                       9F9845E6BCA520CD9E430B365CEC580A02C819F5FC322FAF1E493FBEA417A1FF4E13AC238D22E0081EF83F03A5586B38EE7F5CFBA468FC65688FEB78C1E365C77B63CA2F69F606D441
                       BAF3CB1138B1C94EB824A7838E1413CD7DECABB9D0C68E24DBC7EAB68DF90779F3A0B5BA830D5E718E1001FEA9CF4DA59D0DD2EDF6784FEC54EC5D8882385DC7C6388F22A6F376A1D2
                       BC7F4FAD4CE5681588A4668AD07E340951B2A92DC29263BF3F7BA1E03A84EFF2D39DB9161B9647D82F1279E569B98C72671A5663FFF6D1CE5130DD501C2C9265F1711A97C1F967C3AB
                       C31F3831E81B615C93902AB0D168EBADBBF078FCA7BF90F9275E68520A835BEF3015B8657777A3DB7EA46193126D8E26B7B78BBA5302D505F9CE755D77EC2A0FBC8CD4250050DFB984
                       933596B3FDDB0BC027632990AC8D2FD4B1C7D3624FEC6153F6AAEBB6F24E5B66190E76A664B6AC2FBB581A71D689C55076FEA3A8E77E348885ED6CDDEF1C03732256EDE458D8D4ADD9
                       8B93C02C78E3691E3F10E21AD95778A3932D5DDF55A939C2780898486970A416A7C4C66C886843ACAF05

The best resource that I have found (though I would not call it a good resource) for Microsoft's recent Kerberos changes is MS-KILE. AES key creation is outlined in section 4.4, around page 69. This info mostly tells you how many rounds of PBKDF2 they are doing. We also wrote a PoC key generator and cracker over at https://github.com/CroweCybersecurity/echidna. This just generates the keys used in AD. It does not crack Kerberoast tickets. Hopefully it can be a good launching-off point for understanding how the keys are generated well enough to be able to decrypt these hashes.

Let me know if you have any questions that can help in fulfilling this request.
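As an added example (not hashcat's code and not echidna's), the following Go program implements the password-to-key mapping the issue refers to: the RFC 3962 string-to-key function for etypes 17 and 18, which runs PBKDF2-HMAC-SHA1 over the password and salt and then applies the RFC 3961 DK step with the constant "kerberos". The salt helper follows the MS-KILE convention for a user-class account (upper-cased realm followed by the sAMAccountName); the 4096 iteration count is the RFC 3962 default, which Active Directory also uses. The hex values checked in `main` are the iteration-count-1 test vector from RFC 3962 Appendix B; the realm, account name and password are the ones in the issue, and the resulting etype 18 key is printed without any claimed expected value.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"math/bits"
	"strings"
)

// Kerberos AES encryption types from RFC 3962.
const (
	EtypeAES128 = 17 // aes128-cts-hmac-sha1-96
	EtypeAES256 = 18 // aes256-cts-hmac-sha1-96

	// DefaultIterations is the RFC 3962 default PBKDF2 count; Active Directory
	// uses the same value for these etypes.
	DefaultIterations = 4096
)

// keyLen maps an AES etype to its key size in bytes.
func keyLen(etype int) (int, error) {
	switch etype {
	case EtypeAES128:
		return 16, nil
	case EtypeAES256:
		return 32, nil
	default:
		return 0, fmt.Errorf("etype %d is not an AES etype", etype)
	}
}

// pbkdf2SHA1 is a minimal PBKDF2 with HMAC-SHA1 (RFC 2898), written out here
// so that the example needs only the standard library.
func pbkdf2SHA1(password, salt []byte, iterations, dkLen int) []byte {
	prf := hmac.New(sha1.New, password)
	hLen := prf.Size()
	out := make([]byte, 0, dkLen+hLen)
	for blk := uint32(1); len(out) < dkLen; blk++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], blk)
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iterations; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// nfold128Kerberos returns n-fold("kerberos") to 128 bits (RFC 3961 section 5.1).
// With an 8-byte input and a 16-byte output the general algorithm reduces to the
// input followed by its 13-bit right rotation, and no carry addition occurs.
func nfold128Kerberos() []byte {
	v := binary.BigEndian.Uint64([]byte("kerberos"))
	out := make([]byte, 16)
	binary.BigEndian.PutUint64(out[:8], v)
	binary.BigEndian.PutUint64(out[8:], bits.RotateLeft64(v, -13))
	return out
}

// deriveKey is DK(tkey, constant) from RFC 3961 for AES: DR() encrypts the
// n-folded constant with a zero IV and feeds each output block back in until
// enough bytes exist; random-to-key for AES is the identity. Each encryption
// covers exactly one block, so CBC-CTS collapses to a single AES block operation.
func deriveKey(tkey, constant []byte) ([]byte, error) {
	c, err := aes.NewCipher(tkey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 0, len(tkey))
	in := constant
	for len(out) < len(tkey) {
		next := make([]byte, c.BlockSize())
		c.Encrypt(next, in)
		out = append(out, next...)
		in = next
	}
	return out[:len(tkey)], nil
}

// StringToKey is the RFC 3962 string-to-key function for etypes 17 and 18.
func StringToKey(etype int, password, salt string, iterations int) ([]byte, error) {
	n, err := keyLen(etype)
	if err != nil {
		return nil, err
	}
	tkey := pbkdf2SHA1([]byte(password), []byte(salt), iterations, n)
	return deriveKey(tkey, nfold128Kerberos())
}

// ADUserSalt builds the salt for a user-class account as described in MS-KILE:
// the realm in upper case followed by the sAMAccountName with its case kept.
func ADUserSalt(realm, samAccountName string) string {
	return strings.ToUpper(realm) + samAccountName
}

func main() {
	// RFC 3962 Appendix B vector (iteration count 1): expected AES-128 key
	// 42263c6e89f4fc28b8df68ee09799f15.
	k, _ := StringToKey(EtypeAES128, "password", "ATHENA.MIT.EDUraeburn", 1)
	fmt.Println("rfc3962 aes128:", hex.EncodeToString(k))

	// The issue's aes256_svc account and password with the AD salt convention.
	salt := ADUserSalt("goat.derby.local", "aes256_svc")
	k, _ = StringToKey(EtypeAES256, "Weakpass1", salt, DefaultIterations)
	fmt.Printf("salt %q -> etype 18 key %s\n", salt, hex.EncodeToString(k))
}
```

The cost difference the issue hints at is visible in the structure: an etype 23 guess needs one MD4 of the password, while an etype 17/18 guess needs 4096 HMAC-SHA1 rounds (8192 for AES-256, since two PBKDF2 blocks are produced) plus the AES derivation before a ticket can even be checked, which is why enabling AES on service accounts raises the bar for offline guessing. RFC 3962 Appendix B also lists 256-bit and 4096-iteration vectors that can be checked against `StringToKey` the same way.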

Meatballs1 commented Nov 16, 2017

If etypes 1,2 or 3 have been enabled (DES) in a modern domain for backwards compatibility it would be handy to be able to run a raw DES brute force against these too. :)

Request TGT with etype 3. Crack ticket to get DES encryption key for krbtgt. Not sure if this is doable with mode 14000 or is that only ECB and not CBC?

Edit: Will try https://github.com/h1kari/des_kpt#kerberos steps to try and wrangle it into a 14000 format
