Kerberos laboratory to better understand and then detect attacks on Kerberos

Overview

Kerlab

A Rust implementation of Kerberos for Fun and Detection

Kerlab was developed to drill down into the Kerberos protocol and better understand it. The main purpose is to write more targeted detection rules. These rules were presented during the Toulouse Hacking Conference 2021, which took place on 11 June.

⚠️ Kerlab needs the nightly version of Rust because we make heavy use of static parameters for templates ⚠️

kerasktgt Kerberos Ask Ticket Granting Ticket

Used to request the first ticket in the Kerberos protocol. If the username is not set, the TGT request is made without pre-authentication. It writes the ticket in KRB_CRED format, compatible with Rubeus or mimikatz. Authentication can use either the cleartext password or its NTLM hash.

kerasktgt 0.1.0
Sylvain Peyrefitte <[email protected]>
Kerberos Lab for Fun and Detection

USAGE:
    kerasktgt.exe [FLAGS] [OPTIONS]

FLAGS:
        --forwardable    Ask for a forwardable ticket
    -h, --help           Prints help information
        --renewable      Ask for a renewable ticket
    -V, --version        Prints version information

OPTIONS:
        --dc <dc>                host IP of the Domain Controller
        --domain <domain>        Windows Domain
        --ntlm <ntlm>            NTLM hash for RC4 encryption
        --outfile <outfile>      Output file path
        --password <password>    Username password
        --port <port>            Domain Controller Kerberos port [default: 88]
        --username <username>    Username of TGT

kerasktgs Kerberos Ask Ticket Granting Service

Used to request a TGS ticket using a saved TGT. kerasktgs supports the S4U protocol extension through the s4u options.

kerasktgs 0.1.0
Sylvain Peyrefitte <[email protected]>
Kerberos Lab for Fun and Detection

USAGE:
    kerasktgs.exe [FLAGS] [OPTIONS]

FLAGS:
        --forwardable    Ask for a forwardable ticket
        --forwarded      Ask for a forwarded ticket
    -h, --help           Prints help information
        --renewable      Ask for a renewable ticket
    -V, --version        Prints version information

OPTIONS:
        --dc <dc>                  host IP of the Domain Controller
        --outfile <outfile>        Output file path
        --port <port>              Domain Controller Kerberos port [default: 88]
        --s4u <s4u>                Ask for a service ticket in place of this user
        --s4u-realm <s4u-realm>    Ask for a service ticket in place of this user
        --service <service>        Name of the service
        --ticket <ticket>          TGT recorded using kerasktgt

kerforce Kerberos Brute Force

Used to perform an online brute-force attack. The file argument is simply a file with one password per line.

kerforce 0.1.0
Sylvain Peyrefitte <[email protected]>
Kerberos Lab for Fun and Detection

USAGE:
    kerforce.exe [FLAGS] [OPTIONS]

FLAGS:
    -h, --help       Prints help information
        --safe       Stop when account it's first locked
    -V, --version    Prints version information

OPTIONS:
        --dc <dc>                host IP of the Domain Controller
        --domain <domain>        Windows Domain
        --file <file>            File that contain password file
        --port <port>            Domain Controller Kerberos port [default: 88]
        --username <username>    Username of TGT

kerspray Kerberos Password Spraying

Used to perform a Kerberos password spraying attack using a list of usernames.

kerspray 0.1.0
Sylvain Peyrefitte <[email protected]>
Kerberos Lab for Fun and Detection

USAGE:
    kerspray.exe [FLAGS] [OPTIONS]

FLAGS:
    -h, --help       Prints help information
        --safe       Stop when account it's first locked
    -V, --version    Prints version information

OPTIONS:
        --dc <dc>                host IP of the Domain Controller
        --domain <domain>        Windows Domain
        --file <file>            File that contain username
        --password <password>    Password of TGT
        --port <port>            Domain Controller Kerberos port [default: 88]
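
On the KDC, the guessing done by kerforce and by kerspray leaves different traces: many pre-authentication failures against one account, versus failures against many accounts from one source. The Rust code below is an added example, not part of Kerlab or of the rules presented at the conference; it classifies pre-authentication failure records (for instance Windows event 4771 with failure code 0x18). The record fields, thresholds and sample data are assumptions constructed for illustration.

```rust
use std::collections::HashMap;

/// One KDC pre-authentication failure, e.g. a Windows event 4771 with failure code 0x18.
pub struct PreauthFailure { pub time: u64, pub source: String, pub account: String }

#[derive(Debug, PartialEq)]
pub enum Verdict { Spray, BruteForce }

// Thresholds are assumptions for this example; tune them to your environment.
pub const WINDOW_SECS: u64 = 300;     // sliding window length
pub const SPRAY_ACCOUNTS: usize = 5;  // distinct accounts failed by one source
pub const BRUTE_FAILURES: usize = 10; // failures against a single account

/// Returns (source, verdict) for every source that crosses a threshold, sorted by source.
pub fn classify(events: &[PreauthFailure]) -> Vec<(String, Verdict)> {
    let mut by_source: HashMap<&str, Vec<&PreauthFailure>> = HashMap::new();
    for e in events { by_source.entry(e.source.as_str()).or_default().push(e); }
    let mut out = Vec::new();
    for (src, mut evs) in by_source {
        evs.sort_by_key(|e| e.time);
        let mut start = 0;
        for end in 0..evs.len() {
            // Shrink the window until it spans at most WINDOW_SECS.
            while evs[end].time - evs[start].time > WINDOW_SECS { start += 1; }
            let mut per_account: HashMap<&str, usize> = HashMap::new();
            for e in &evs[start..=end] { *per_account.entry(e.account.as_str()).or_default() += 1; }
            let verdict = if per_account.len() >= SPRAY_ACCOUNTS { Some(Verdict::Spray) }
                else if per_account.values().any(|&n| n >= BRUTE_FAILURES) { Some(Verdict::BruteForce) }
                else { None };
            if let Some(v) = verdict { out.push((src.to_string(), v)); break; }
        }
    }
    out.sort_by(|a, b| a.0.cmp(&b.0));
    out
}

/// Constructed sample data: one sprayer, one brute forcer, one user mistyping a password.
pub fn sample_events() -> Vec<PreauthFailure> {
    let ev = |time, source: &str, account: &str| PreauthFailure { time, source: source.into(), account: account.into() };
    let mut v = Vec::new();
    for i in 0..6u64 { v.push(ev(1000 + i * 2, "10.0.0.5", format!("user{:02}", i).as_str())); }
    for i in 0..12u64 { v.push(ev(2000 + i, "10.0.0.9", "svc_backup")); }
    for t in [3000, 3040] { v.push(ev(t, "10.0.0.20", "alice")); }
    v
}

fn main() {
    for (source, verdict) in classify(&sample_events()) { println!("{source}: {verdict:?}"); }
}
```

Grouping by source address only works when the client address is recorded and not hidden behind a shared proxy or NAT; in that case the same counting can be keyed on another field.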

kerticket Kerberos Ticket Viewer

Prints information about a ticket saved on disk. Also used to convert a ticket into a hashcat-compatible format. The EncTicketPartBody can be decrypted using the hash or the password of the service (including krbtgt).

kerticket 0.1.0
Sylvain Peyrefitte <[email protected]>
Kerberos Lab for Fun and Detection

USAGE:
    kerticket.exe [OPTIONS]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
        --hashcat <hashcat>      output file for hash cat brute forcing
        --ntlm <ntlm>            NTLM hash for RC4 encryption de decrypt ticket
        --password <password>    Password for RC4 encryption de decrypt ticket
        --ticket <ticket>        Path to the ticket file
Owner
Sylvain Peyrefitte