-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add get_user_spns external module and documentation #9718
Conversation
{'type': 'aka', 'ref': 'GetUserSPNs.py'}, | ||
{'type': 'aka', 'ref': 'Kerberoast'} | ||
], | ||
'type': 'scanner.single', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Per #9733, it should be single_scanner
062e3dd
to
8d0e3ad
Compare
Release NotesThe external auxiliary/gather/get_user_spns module has been added to the framework. The module enables you to perform Kerberoasting by finding Service Principal Names (SPNs) that are associated with normal user accounts and then requesting Ticket Granting Service (TGS) tickets for those accounts. Once you have the TGS tickets, you can use offline brute force attacks to get the passwords for the SPN accounts. The module requires the Impacket library, Python 2.7, and the credentials for a domain user account. |
This adds an external module for the GetUserSPNs.py script, which performs Kerberoasting.
Verification
./msfconsole -q -x 'use auxiliary/gather/get_user_spns; set rhosts <dc-ip> ; set smbuser <user> ; set smbpass <password> ; set smbdomain <domain> ; run'