Add get_user_spns external module and documentation #9718

Merged
merged 5 commits into from
Apr 2, 2018

@jrobles-r7 jrobles-r7 commented Mar 16, 2018

This adds an external module for the GetUserSPNs.py script, which performs Kerberoasting.

Verification

  • Install impacket library with requirements
  • Have domain user account credentials
  • ./msfconsole -q -x 'use auxiliary/gather/get_user_spns; set rhosts <dc-ip> ; set smbuser <user> ; set smbpass <password> ; set smbdomain <domain> ; run'
  • Get Hashes

{'type': 'aka', 'ref': 'GetUserSPNs.py'},
{'type': 'aka', 'ref': 'Kerberoast'}
],
'type': 'scanner.single',

Per #9733, it should be single_scanner

@busterb busterb self-assigned this Apr 2, 2018
@busterb busterb merged commit 8d0e3ad into rapid7:master Apr 2, 2018

busterb commented Apr 2, 2018

Release Notes

The external auxiliary/gather/get_user_spns module has been added to the framework. The module enables you to perform Kerberoasting by finding Service Principal Names (SPNs) that are associated with normal user accounts and then requesting Ticket Granting Service (TGS) tickets for those accounts. Once you have the TGS tickets, you can use offline brute force attacks to get the passwords for the SPN accounts. The module requires the Impacket library, Python 2.7, and the credentials for a domain user account.

@jrobles-r7 jrobles-r7 deleted the getuserspn_kerberoast branch April 2, 2018 16:46
@allrosenthal-r7 allrosenthal-r7 added the rn-enhancement release notes enhancement label Apr 10, 2018
@acammack-r7 acammack-r7 added the external modules PRs dealing with modules run as their own process label Apr 12, 2018
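
A defender-side check for the behaviour the release notes describe, as an added example that is not part of this PR or of the Metasploit module: it scans Windows Security event 4769 records (Kerberos service ticket requests) for a single account requesting RC4-HMAC tickets for several user-account services within a short window. The sample events, the 5-minute window and the threshold of 3 are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"               # TicketEncryptionType value for RC4-HMAC in event 4769
WINDOW = timedelta(minutes=5)   # assumed correlation window
THRESHOLD = 3                   # assumed: distinct services per requester per window

# Constructed sample of 4769 events, reduced to four fields:
# (time, TargetUserName, ServiceName, TicketEncryptionType)
SAMPLE_EVENTS = [
    ("2018-04-02T10:00:01", "alice@CORP.EXAMPLE", "svc_sql",    "0x17"),
    ("2018-04-02T10:00:02", "alice@CORP.EXAMPLE", "svc_web",    "0x17"),
    ("2018-04-02T10:00:04", "alice@CORP.EXAMPLE", "svc_backup", "0x17"),
    ("2018-04-02T10:01:00", "bob@CORP.EXAMPLE",   "svc_sql",    "0x12"),  # AES256 ticket
    ("2018-04-02T10:01:05", "bob@CORP.EXAMPLE",   "FILESRV01$", "0x17"),  # machine account
    ("2018-04-02T10:00:00", "carol@CORP.EXAMPLE", "svc_sql",    "0x17"),
    ("2018-04-02T11:00:00", "carol@CORP.EXAMPLE", "svc_web",    "0x17"),
    ("2018-04-02T12:00:00", "carol@CORP.EXAMPLE", "svc_backup", "0x17"),
]

def find_spn_sweeps(events, window=WINDOW, threshold=THRESHOLD):
    """Return {requester: sorted service names} for requesters that asked for
    RC4 tickets to at least `threshold` distinct user-account services
    within `window`."""
    per_user = defaultdict(list)
    for when, requester, service, etype in events:
        if etype.lower() != RC4_HMAC:
            continue  # only RC4 tickets are counted by this check
        if service.endswith("$") or service.lower() == "krbtgt":
            continue  # machine accounts and krbtgt are not user-account SPNs
        per_user[requester].append((datetime.fromisoformat(when), service))

    hits = {}
    for requester, reqs in per_user.items():
        reqs.sort()
        for i, (start, _) in enumerate(reqs):
            # Distinct services requested within `window` of this request.
            seen = {svc for t, svc in reqs[i:] if t - start <= window}
            if len(seen) >= threshold:
                hits[requester] = sorted(seen)
                break
    return hits

if __name__ == "__main__":
    for requester, services in find_spn_sweeps(SAMPLE_EVENTS).items():
        print(f"possible Kerberoasting by {requester}: {', '.join(services)}")
```
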