3gstudent/pyKerbrute 3gstudent/pyKerbrute

  • Stars
    star
    168
  • Rank 225,507 (Top 5 %)
  • Language
    Python
  • License
    BSD 3-Clause "New...
  • Created almost 5 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
3gstudent/pyKerbrute
github

3gstudent

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Use python to perform Kerberos pre-auth bruteforcing

pyKerbrute

Use python to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication

Reference:

https://github.com/ropnop/kerbrute

https://github.com/mubix/pykek

PyKerbrute is my exercise of learing Kerberos and Python.

Kerbrute is a good tool to bruteforce and enumerate valid Active Directory accounts.It's faster and potentially stealthier since pre-authentication failures do not trigger that "traditional" An account failed to log on event 4625.So I tried to implement it with Python.I refer to pykek in the writing of Python code.

Kerbrute validates a username or test a login by only sending one UDP frame to the KDC (Domain Controller).My PyKerbrute adds support for TCP and the NTLM hash of Active Directory accounts.

EnumADUser.py

Use Kerberos pre-authentication to enumerate valid Active Directory accounts.

Usage:

EnumADUser.py <domainControlerAddr> <domainName> <mode>
<mode>: tcp or udp

Eg.

EnumADUser.py 192.168.1.1 test.com user.txt tcp

ADPwdSpray.py

Use Kerberos pre-authentication to test a single password or NTLM hash against a list of Active Directory accounts.

Usage:

ADPwdSpray.py <domainControlerAddr> <domainName> <file> <passwordtype> <data> <mode>
<mode>: tcp or udp

Eg.

ADPwdSpray.py 192.168.1.1 test.com user.txt clearpassword DomainUser123! tcp

ADPwdSpray.py 192.168.1.1 test.com user.txt ntlmhash e00045bd566a1b74386f5c1e3612921b udp

Details:ใ€Šๆธ—้€ๆŠ€ๅทงโ€”โ€”้€š่ฟ‡Kerberos pre-auth่ฟ›่กŒ็”จๆˆทๆžšไธพๅ’Œๅฃไปค็ˆ†็ ดใ€‹

More Repositories

1

Pentest-and-Development-Tips

A collection of pentest and development tips
1,052
star
2

Homework-of-C-Language

C/C++ code examples of my blog.
C++
334
star
3

Worse-PDF

Turn a normal PDF file into malicious.Use to steal Net-NTLM Hashes from windows machines.
Python
331
star
4

Homework-of-Python

Python codes of my blog.
Python
321
star
5

List-RDP-Connections-History

Use powershell to list the RDP Connections History of logged-in users or all users
PowerShell
253
star
6

Eventlogedit-evtx--Evolution

Remove individual lines from Windows XML Event Log (EVTX) files
C++
246
star
7

Javascript-Backdoor

Learn from Casey Smith @subTee
PowerShell
242
star
8

Invoke-BuildAnonymousSMBServer

Use to build an anonymous SMB file server.
PowerShell
219
star
9

msbuild-inline-task

175
star
10

CLR-Injection

Use CLR to inject all the .NET apps
Batchfile
170
star
11

Homework-of-C-Sharp

C Sharp codes of my blog.
C#
169
star
12

Inject-dll-by-APC

Asynchronous Procedure Calls
C++
163
star
13

SharpRDPCheck

Use to check the valid account of the Remote Desktop Protocol(Support plaintext and ntlmhash)
C#
154
star
14

Inject-dll-by-Process-Doppelganging

Process Doppelgรคnging
C
151
star
15

backup-3gstudent.github.io

old blog
SCSS
146
star
16

Smbtouch-Scanner

Automatically scan the inner network to detect whether they are vulnerable.
Python
140
star
17

ntfsDump

Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.
C++
110
star
18

Homework-of-Powershell

powershell codes of my blog.
PowerShell
93
star
19

Use-COM-objects-to-bypass-UAC

C++
86
star
20

Office-Persistence

Use powershell to test Office-based persistence methods
PowerShell
77
star
21

Windows-User-Clone

Create a hidden account
PowerShell
76
star
22

Windows-EventLog-Bypass

Use subProcessTag Value From TEB to identify Event Log Threads
C++
74
star
23

APT34-Jason

Use to perform Microsoft exchange account brute-force.
C#
74
star
24

pyXSSPlatform

Used to build an XSS platform on the command line.
Python
71
star
25

CVE-2017-8464-EXP

Support x86 and x64
67
star
26

bitsadminexec

Use bitsadmin to maintain persistence and bypass Autoruns
67
star
27

Code-Execution-and-Process-Injection

Powershell to CodeExecution and ProcessInjection
PowerShell
64
star
28

Shellcode-Generater

No inline asm,support x86/x64
C++
63
star
29

test

just test
C#
63
star
30

CreateRemoteThread

From 32-bit process to 64-bit process
C++
62
star
31

PasswordFilter

2 ways of Password Filter DLL to record the plaintext password
C++
61
star
32

Dump-Clear-Password-after-KB2871997-installed

PowerShell
59
star
33

From-System-authority-to-Medium-authority

Penetration test
C++
57
star
34

Waitfor-Persistence

Use Waitfor.exe to maintain persistence
PowerShell
54
star
35

Bypass-Windows-AppLocker

C
54
star
36

NinjaCopy

Powershell to copy ntds.dit
PowerShell
54
star
37

COM-Object-hijacking

use COM Object hijacking to maintain persistence.(Hijack CAccPropServicesClass and MMDeviceEnumerator)
PowerShell
54
star
38

3gstudent.github.io

Blog
SCSS
54
star
39

Winpcap_Install

Auto install WinPcap on Windows(command line)
Batchfile
52
star
40

ewsManage

My exercise of using Exchange Web Service(EWS)
C#
51
star
41

HiddenNtRegistry

Use NT Native Registry API to create a registry that normal user can not query.
C++
49
star
42

Homework-of-Go

Go code examples of my blog.
Go
49
star
43

signtools

From Windows SDK
47
star
44

Eventlogedit-evt--General

Remove individual lines from Windows Event Viewer Log (EVT) files
C++
44
star
45

PNG-Steganography

Steganography Payload
C++
44
star
46

easBrowseSharefile

Use to browse the share file by eas(Exchange Server ActiveSync)
Python
43
star
47

Bypass-McAfee-Application-Control--Code-Execution

source&exe
PowerShell
38
star
48

Smallp0wnedShell

Small modification version of p0wnedShell
C#
37
star
49

ListInstalledPrograms

List the programs that the current Windows system has installed
PowerShell
36
star
50

AutoIt-Keylogger

AutoIt
33
star
51

Hide-Process-by-kd.exe

powershell to hide process by kd.exe
PowerShell
33
star
52

NodeJS-Downloader

An example of a downloader written in NodeJS.
JavaScript
26
star
53

Use-msxsl-to-bypass-AppLocker

Learn from Casey Smith@subTee
XSLT
26
star
54

GetExpiredDomains

Search for available domain from expireddomains.net
Python
24
star
55

ExcelDllLoader

Execute DLL via the Excel.Application object's RegisterXLL() method
JavaScript
22
star
56

Add-Dll-Exports

Use to generate DLL through Visual Studio
C
19
star
57

Execute-CSharp-From-XSLT-TEST

XSLT
18
star
58

Writeup

interesting analysis
PowerShell
15
star
59

PNG_stego-test

LSB-test
C
12
star
60

SendMail-with-Attachments

Use powershell to send mail
PowerShell
11
star
61

Catch-specified-file-s-handle

Enumerate all processes and get specified file's handle,then close it.
C++
10
star
62

pdf

9
star
63

IE-BHO-POSTdata-Logger

A sample IE BHO for logging Internet Explorer's POST data.
C++
9
star
64

WanaCrypt0r-Reverse-Analysis

Record my reverse analysis of WanaCrypt0r
8
star
65

bgi-creater

Use BGInfo to bypass Application Whitelisting
PowerShell
7
star
66

Get-Wlan-Keys

Powershell to get wlan keys
PowerShell
7
star
67

Homework-of-Java

Java codes of my blog
Java
5
star
68

3gstudent

5
star
69

regsvr32-test

C++
4
star
70

Test-Exploit-for-Joomla-3.4.4-3.6.4

Test if the website allows user registration
Python
3
star
71

BlogPic

For blog post
2
star