Lucene search
K

Kerberos Authentication Check Scanner

🗓️ 27 Jan 2023 19:49:42Reported by alanfosterType 
metasploit
 metasploit
🔗 www.rapid7.com👁 80 Views

Test Kerberos logins on multiple machines and report successful logins. Record successful logins and hosts when connected to a database. Identify enabled/disabled user accounts. TGT logged for offline cracking.

Code
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Kerberos::AuthBrute

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Kerberos Authentication Check Scanner',
        'Description' => %q{
          This module will test Kerberos logins on a range of machines and
          report successful logins.  If you have loaded a database plugin
          and connected to a database this module will record successful
          logins and hosts so you can track your access.

          Kerberos accounts which do not require pre-authentication will
          have the TGT logged for offline cracking, this technique is known as AS-REP Roasting.

          It is also able to identify whether user accounts are enabled or
          disabled/locked out.
        },
        'Author' => [
          'alanfoster',
        ],
        'References' => [
          ['ATT&CK', Mitre::Attack::Technique::T1110_001_PASSWORD_GUESSING],
          ['ATT&CK', Mitre::Attack::Technique::T1110_003_PASSWORD_SPRAYING],
          ['ATT&CK', Mitre::Attack::Technique::T1589_001_CREDENTIALS],
          ['ATT&CK', Mitre::Attack::Technique::T1087_002_DOMAIN_ACCOUNT]
        ],
        'License' => MSF_LICENSE,
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'Reliability' => [],
          'SideEffects' => [ACCOUNT_LOCKOUTS, IOC_IN_LOGS]
        }
      )
    )
  end

  def run
    attempt_kerberos_logins
  end
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation