Add hash modes 19600 (krb5tgs enctype 17) and 19700 (krb5tgs enctype 18) #1955
The jtr implementation should also be there soon (cc @kholia)
This addresses issue #1384. Furthermore, #1386 being a subset of the algorithms implemented within this PR, it would be trivial to create such a new hash format and also close this issue (I'll do it later). Finally, this implementation could also permit closing #959, as the same algorithms are involved... Later again.
How does it work
(not so) TL;DR: within a Windows Active Directory environment, registered services (such as MsSQL) rely on a domain account in order to be functional.
So, having a valid domain user account, you can request tickets of accounts having a SPN and try to retrieve the password of the concerned accounts.
Active Directory offers 4 algorithms to generate the encryption key:
I had already implemented enctype 23 back in the day, but enctype 17 and 18 were missing, so here they are!
How can I haz ticketz?
Back in the day I coded a private tool (kerberom) based on the amazing impacket from @asolino. Then other tools became public, and the attack is now within the impacket suite (GetUserSPNs.py).
Guys... we are in 2019... you should now use Managed Service Accounts. If not possible, create a dedicated domain account having a random password!
Provided a rig of 8 GTX 1080Ti:
The performances are not good compared to the RC4 algorithm, but meh you know... PBKDF2, AES, etc.
@HarmJ0y and @PyroTek3 described all the mechanisms involved in these kinds of attacks. They also give a lot of insights on Active Directory on a global basis. I highly recommend you read their awesome blogs (harmj0y's and PyroTek3's), whether you are a beginner or an experienced Windows administrator/pentester.
I hope you have all the information you need to Kerberoast a bit now.
PS: a big thanks to @skelsec who provided the algorithm and convinced me to implement it in hashcat as I was being lazy...
We are currently implementing support for the HIP backend and during first tests the new HIPRTC JiT fails in hash-mode 19600/19700 with the following errors:
If I interpret this correctly, it thinks that there is some logic error that needs fixing? It seems the switch can only enter case 0, probably ending up in false negatives for the other cases. It's also possible that this is some sort of false report from the JiT; however, we need to deal with it. Please try to rewrite this part so that the JiT can finish the compilation.
Could you please review this part again?
It looks like it possibly doesn't like that the mask variable is initialized inside the switch scope branch. If you declare "u32 mask;" before the switch and change the branch statements to assignment lines does that get rid of the error?
The other message, that the default branch can't be hit, can safely be removed; it should never be hit. It simply has a return line.
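The restructuring suggested above, as an added illustration rather than hashcat's own kernel code: `last_word_mask` is a hypothetical helper that picks a byte mask for a trailing partial 32-bit word, written with the mask declared once before the `switch`, plain assignments in each branch, and no `default` branch that only returns. The original, JiT-unfriendly shape is kept in a comment for comparison.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t u32;   /* hashcat-style alias, assumed here */

/* Hypothetical helper (not from the PR): mask that keeps only the first
 * `remaining` bytes of a little-endian u32 word.
 *
 * The shape the HIPRTC JiT rejected looked roughly like this (a
 * declaration placed directly after a case label, plus a default that
 * only returned):
 *
 *   switch (remaining) {
 *     case 1: u32 mask = 0x000000ff; ... break;
 *     ...
 *     default: return;
 *   }
 *
 * Rewritten form: declare `mask` before the switch, assign in each branch.
 * The value for a full word is the initializer, so no default is needed. */
static u32 last_word_mask (const u32 remaining)
{
  u32 mask = 0xffffffff;   /* remaining == 0: keep the whole word */

  switch (remaining & 3)
  {
    case 1: mask = 0x000000ff; break;
    case 2: mask = 0x0000ffff; break;
    case 3: mask = 0x00ffffff; break;
  }

  return mask;
}

/* Apply the mask to the last word of a buffer: bytes past `remaining`
 * are zeroed, which is the usual way a kernel clears partial-block tail
 * bytes before feeding a block to a cipher or hash. */
static u32 mask_last_word (const u32 w, const u32 remaining)
{
  return w & last_word_mask (remaining);
}

int main (void)
{
  /* constructed sample word 0x44332211 (bytes 11 22 33 44), 2 bytes valid */
  printf ("%08x\n", mask_last_word (0x44332211u, 2));   /* prints 00002211 */
  return 0;
}
```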