If you like this project, consider sponsoring it on GitHub! Sponsors
minikerberos is a kerberos client library written in Python>=3.6 it is the kerberos library used in other tools suchs as pypykatz, aiosmb and msldap. It also comes with multiple useful examples for pentesters who wish to perform security audits on the kerberos protocol.
Install it via either cloning it from GitHub and using
$ git clone https://github.com/skelsec/minikerberos.git
$ cd minikerberos
$ python3 setup.py installor with pip from the Python Package Index (PyPI).
$ pip install minikerberos --userConsider to use a Python virtual environment.
minikerberos library contains both asynchronous and blocking versions of the kerberos client with the same API. Besides the usual password/aes/rc4 LTK authentication methods it also supports PKINIT using pfx or pem formatted certificates as well as certificates stored in windows certificate store.
minikerberos comes with examples which can be used to perform the usual pentest activities out-of-the-box without additional coding required.
Installing minikerberos module via pip will automatically place all examples in the Scripts directory by the setuptools build environment. All tools named in the following way minikerberos-<toolname>
Fetches a TGT for the given kerberos credential. The kredential must be in a standard kerberos URL format.
Fetches an TGS ticket (TGSREP) for the given cerberos credential and SPN record.
SPN must be in service/hostname@FQDN format.
Also known as SPNRoast, this tool performs a kerberoast attack against one or multiple users, using the provided kerberos credential.
This tool recovers the NT hash for the user specified by the kerberos credential. This only works if PKINIT (cert based auth) is used.
This tool attempts to recover the user's NT hash for a list of kerberoast hashes.
When you performed a kerberoast attack against one or multiple users, and have a huge list of NT hashes (no password needed) this tool will check each NT hash if it can decrypt the ticket in the kerberoasted hashes.
Full disclosure, those are not hashes and it hurt me writing the previous sentence.
This tool is used when you have credentials to a machine account and would like to impersonate other users on the same machine. Machine account credential should be supplied in the kerberos URL format, while the user to be impersonated should be in the usual UserPrincialName format eg username@FQDN
This tool is used when you have a machine account which has the permission to perform Kerberos Resource-based Constrained Delegation (RBCD). With this, you can impersonate users. For this to work, the machine account must be allowed to delegate on all protocols, not kerberos-only!
Performs "Kerberoast" attack on a CCACHE file. You get back the "hashes" for all TGS tickets stored in the CCACHE file.
Converts a CCACHE file to a list of .kirbi files.
Converts one or more .kirbi files into one CCACHE file
Command-line CCACHE file editor. It can list/delete credentials in a CCACHE file.