https://github.com/byt3n33dl3/exchangeberos

NTLM Relay and Kerberos Attacks with ACL abuse capabilities.

Science Score: 13.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (10.2%) to scientific vocabulary

Keywords

active-directory kerberoasting kerberos-attack ntlm ntlm-relay pentesting windows

Keywords from Contributors

offensive-security infosectools networks pentest-tool
Last synced: 5 months ago

Repository

NTLM Relay and Kerberos Attacks with ACL abuse capabilities.

Basic Info
  • Host: GitHub
  • Owner: byt3n33dl3
  • License: other
  • Language: C#
  • Default Branch: main
  • Homepage:
  • Size: 558 KB
Statistics
  • Stars: 13
  • Watchers: 1
  • Forks: 1
  • Open Issues: 0
  • Releases: 1
Topics
active-directory kerberoasting kerberos-attack ntlm ntlm-relay pentesting windows
Created over 1 year ago · Last pushed over 1 year ago
Metadata Files
Readme Funding License

README.md

ExchangeBeros

ExchangeBeros is a Python script that can, like many others (e.g. SPNExec.py), print "kerberoast" hashes for user accounts that have an SPN set. This tool adds the following feature: for each user without SPNs, it tries to set one (abusing a write permission on the SPN attribute), prints the "kerberoast" hash, and deletes the temporary SPN set for that operation. This is called targeted Kerberoasting. The tool can be used against all users of a domain, users supplied in a list, or a single user supplied on the command line.

More information about this attack:

  • The Hacker Recipes - Kerberoast
  • The Hacker Recipes - Targeted Kerberoasting
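From the defender's side, the set, request, delete sequence described above leaves a trace in the domain controller Security log: a 5136 event adding a servicePrincipalName value to a user object, a 4769 service-ticket request for that account, and a matching 5136 delete shortly after. The following is an added example, not part of the ExchangeBeros project, that correlates those events; the event records are constructed with simplified field names, the five-minute window is an assumption, and 5136 is only logged where directory-service change auditing and a SACL cover the attribute.

```python
from datetime import datetime, timedelta

ADDED, DELETED = "%%14674", "%%14675"  # 5136 OperationType: value added / value deleted
WINDOW = timedelta(minutes=5)          # assumed correlation window, tune per environment

def ev(eid, time, **fields):
    return {"id": eid, "time": datetime.fromisoformat(time), **fields}

ALICE = "CN=alice,CN=Users,DC=corp,DC=example"
SVC = "CN=svc_sql,CN=Users,DC=corp,DC=example"
# Constructed sample: simplified fields from Security events 5136 and 4769.
EVENTS = [
    ev(5136, "2024-05-01T10:00:00", ObjectDN=ALICE, ObjectClass="user",
       Attr="servicePrincipalName", Op=ADDED, Value="host/tmp-1", SubjectUserName="bob"),
    ev(4769, "2024-05-01T10:00:01", ServiceName="alice",
       TargetUserName="bob@CORP.EXAMPLE", TicketEncryptionType="0x17"),
    ev(5136, "2024-05-01T10:00:02", ObjectDN=ALICE, ObjectClass="user",
       Attr="servicePrincipalName", Op=DELETED, Value="host/tmp-1", SubjectUserName="bob"),
    # Benign: an admin registers a permanent SPN and never removes it.
    ev(5136, "2024-05-01T11:00:00", ObjectDN=SVC, ObjectClass="user",
       Attr="servicePrincipalName", Op=ADDED, Value="MSSQLSvc/db01.corp.example:1433",
       SubjectUserName="admin"),
]

def find_transient_spns(events, window=WINDOW):
    """Flag SPNs added to a user object and deleted again within `window`."""
    pending, findings = {}, []
    for e in sorted(events, key=lambda x: x["time"]):
        if e["id"] == 5136 and e["Attr"].lower() == "serviceprincipalname" \
                and e["ObjectClass"] == "user":
            key = (e["ObjectDN"].lower(), e["Value"].lower())
            if e["Op"] == ADDED:
                pending[key] = {"added": e["time"], "by": e["SubjectUserName"], "tickets": []}
            elif e["Op"] == DELETED and key in pending:
                p = pending.pop(key)
                if e["time"] - p["added"] <= window:
                    findings.append({"object": e["ObjectDN"], "spn": e["Value"],
                                     "modified_by": p["by"], "tickets": p["tickets"]})
        elif e["id"] == 4769:
            # Sample assumes CN == sAMAccountName; resolve via a directory lookup in production.
            for (dn, _), p in pending.items():
                if dn.startswith("cn=" + e["ServiceName"].lower() + ","):
                    p["tickets"].append((e["TargetUserName"], e["TicketEncryptionType"]))
    return findings

if __name__ == "__main__":
    for f in find_transient_spns(EVENTS):
        print(f)
```

A finding whose `tickets` list contains an RC4 (`0x17`) request from the same principal that modified the SPN is the strongest signal; an add with no matching delete, like the `svc_sql` record, is not flagged.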

Usage

This tool supports the following authentications:

  • (NTLM) Cleartext password
  • (NTLM) Pass-the-hash
  • (Kerberos) Cleartext password
  • (Kerberos) Pass-the-key / Overpass-the-hash
  • (Kerberos) Pass-the-cache (type of Pass-the-ticket)

Among other things, ExchangeBeros supports multi-level verbosity: just append -v, -vv, ... to the command :)

```
usage: exchangeberos.py [-h] [-v] [-q] [-D TARGET_DOMAIN] [-U USERS_FILE]
                        [--request-user username] [-o OUTPUT_FILE]
                        [--use-ldaps] [--only-abuse] [--no-abuse]
                        [--dc-ip ip address] [-d DOMAIN] [-u USER] [-k]
                        [--no-pass | -p PASSWORD | -H [LMHASH:]NTHASH | --aes-key hex key]

Queries target domain for SPNs that are running under a user account and operate targeted Kerberoasting

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         verbosity level (-v for verbose, -vv for debug)
  -q, --quiet           show no information at all
  -D TARGET_DOMAIN, --target-domain TARGET_DOMAIN
                        Domain to query/request if different than the domain
                        of the user. Allows for Kerberoasting across trusts.
  -U USERS_FILE, --users-file USERS_FILE
                        File with user per line to test
  --request-user username
                        Requests TGS for the SPN associated to the user
                        specified (just the username, no domain needed)
  -o OUTPUT_FILE, --output-file OUTPUT_FILE
                        Output filename to write ciphers in JtR/hashcat format
  --use-ldaps           Use LDAPS instead of LDAP
  --only-abuse          Ignore accounts that already have an SPN and focus on
                        targeted Kerberoasting
  --no-abuse            Don't attempt targeted Kerberoasting

authentication & connection:
  --dc-ip ip address    IP Address of the domain controller or KDC (Key
                        Distribution Center) for Kerberos. If omitted it will
                        use the domain part (FQDN) specified in the identity
                        parameter
  -d DOMAIN, --domain DOMAIN
                        (FQDN) domain to authenticate to
  -u USER, --user USER  user to authenticate with

secrets:
  -k, --kerberos        Use Kerberos authentication. Grabs credentials from
                        .ccache file (KRB5CCNAME) based on target parameters.
                        If valid credentials cannot be found, it will use the
                        ones specified in the command line
  --no-pass             don't ask for password (useful for -k)
  -p PASSWORD, --password PASSWORD
                        password to authenticate with
  -H [LMHASH:]NTHASH, --hashes [LMHASH:]NTHASH
                        NT/LM hashes, format is LMhash:NThash
  --aes-key hex key     AES key to use for Kerberos Authentication (128 or 256
                        bits)
```

Credits

Credits to the whole team behind Impacket and its contributors.

Owner

  • Name: Sulaiman
  • Login: byt3n33dl3
  • Kind: user
  • Location: Error 403: Not on earth

I N F R A X 8 6

GitHub Events

Total
  • Watch event: 6
Last Year
  • Watch event: 6

Committers

Last synced: over 1 year ago

All Time
  • Total Commits: 22
  • Total Committers: 9
  • Avg Commits per committer: 2.444
  • Development Distribution Score (DDS): 0.636
Past Year
  • Commits: 10
  • Committers: 3
  • Avg Commits per committer: 3.333
  • Development Distribution Score (DDS): 0.2
Top Committers
Name Email Commits
pxcs s****9@g****m 8
iNoSec2 5****2 3
Shutdown 4****o 3
lap1nou l****y@g****m 2
lefayjey l****y@l****r 2
Shutdown n****b@p****e 1
TahiTi f****d@g****m 1
exploide me@e****t 1
Sh0ckFR 1****R 1
Committer Domains (Top 20 + Academic)

Issues and Pull Requests

Last synced: 10 months ago

All Time
  • Total issues: 0
  • Total pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Total issue authors: 0
  • Total pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 0
  • Pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 0
  • Pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Top Authors
Issue Authors
Pull Request Authors
Top Labels
Issue Labels
Pull Request Labels

Dependencies

src/csharp/csharp.csproj nuget
src/csharp/packages.config nuget
  • dnMerge 0.5.15 development
  • CommandLineArgumentsParser 3.0.22
  • NLog 4.7.12
  • System.ValueTuple 4.5.0
src/lib/lib.csproj nuget
src/lib/packages.config nuget
  • NLog 4.7.12
  • Portable.System.ValueTuple 1.0.1
requirements.txt pypi
  • impacket *
  • ldap3 *
  • pyasn1 *
  • pycryptodome *
  • rich *