kerbrute


Hello Stackers, kerbrute is a tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication.

Grab the latest binaries from the releases page to get started.

Background

This tool grew out of some bash scripts I wrote a few years ago to perform bruteforcing using the Heimdal Kerberos client from Linux. I wanted something that didn’t require privileges to install a Kerberos client, and when I found the amazing pure Go implementation of Kerberos gokrb5, I decided to finally learn Go and write this.

Bruteforcing Windows passwords with Kerberos is much faster than any other approach I know of, and potentially stealthier since pre-authentication failures do not trigger that “traditional” An account failed to log on event 4625. With Kerberos, you can validate a username or test a login by only sending one UDP frame to the KDC (Domain Controller).

For more background and information, check out my Troopers 2019 talk, Fun with LDAP and Kerberos (link TBD)
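
For defenders: the failures that do not show up as 4625 are still recorded by domain controllers as event 4768 with result code 0x6 (unknown principal) and event 4771 with failure code 0x18 (bad password), provided Kerberos Authentication Service auditing is enabled. The sketch below is an added example, not part of kerbrute or the original post; it flags any client address that fails against several distinct accounts in a short window. The tuple layout, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# (event id, status code) pairs of interest on a domain controller
FAILURES = {
    (4768, "0x6"): "user_enumeration",    # KDC_ERR_C_PRINCIPAL_UNKNOWN
    (4771, "0x18"): "password_guessing",  # KDC_ERR_PREAUTH_FAILED
}

# Constructed records: (epoch seconds, event id, status, account, client address)
SAMPLE_EVENTS = [
    (1000, 4768, "0x6", "aaron", "10.0.0.50"),
    (1001, 4768, "0x6", "abby", "10.0.0.50"),
    (1001, 4768, "0x6", "adam", "10.0.0.50"),
    (1002, 4768, "0x0", "alice", "10.0.0.50"),    # successful TGT request, ignored
    (1010, 4771, "0x18", "alice", "10.0.0.50"),
    (1010, 4771, "0x18", "bob", "10.0.0.50"),
    (1011, 4771, "0x18", "carol", "10.0.0.50"),
    (1500, 4771, "0x18", "dave", "10.0.0.77"),    # one user mistyping a password
    (1520, 4771, "0x18", "dave", "10.0.0.77"),
    (1000, 4768, "0x6", "tmpuser", "10.0.0.90"),
    (9000, 4768, "0x6", "olduser", "10.0.0.90"),  # too far apart to correlate
]

def detect(events, min_accounts=3, window=60):
    """Return sorted (client, kind) pairs where one client failed against
    at least min_accounts distinct accounts within window seconds."""
    recent = defaultdict(deque)  # (client, kind) -> deque of (time, account)
    alerts = set()
    for ts, event_id, status, account, client in sorted(events):
        kind = FAILURES.get((event_id, status.lower()))
        if kind is None:
            continue
        q = recent[(client, kind)]
        q.append((ts, account.lower()))
        # Drop entries that have aged out of the sliding window
        while q and ts - q[0][0] > window:
            q.popleft()
        if len({a for _, a in q}) >= min_accounts:
            alerts.add((client, kind))
    return sorted(alerts)

if __name__ == "__main__":
    for client, kind in detect(SAMPLE_EVENTS):
        print(f"{client}: possible {kind}")
```
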

Usage

Kerbrute has three main commands:

  • bruteuser – Bruteforce a single user’s password from a wordlist
  • bruteforce – Read username:password combos from a file or stdin and test them
  • passwordspray – Test a single password against a list of users
  • userenum – Enumerate valid domain usernames via Kerberos

Quickstart

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

Alright that’s all folks, for the full docs please refer to here.. cyaa..

Bima Sena
