Rubeus
Rubeus copied to clipboard
GhostPack
Trying to tame the three-headed dog.
Hey! In this PR I'd like to bring automatic RBCD exploitation when using a normal user account (i. e., UPNs instead of SPNs). The original [research](https://www.tiraniddo.dev/2022/05/exploiting-rbcd-using-normal-user.html) was presented by @tyranid....
I happened across some weirdness with UserPrincipalNames, especially ones which contain a forward slash, and AES authentication with UserPrincipalNames and thought I would try and implement the findings in asktgt...
Fixes #120 Not really sure why this wasn't already implemented as there was an argument for it in the kerberoast function and its mentioned a few times in the documentation,...
This prevents Rubeus from killing your process when running certain functions inline (or in a non sacrificial process). To reproduce, run current Rubeus through inline-ExecuteAssembly in monitor mode for X...
 User Jax in domain A, is a member of more than 100 groups (DL). however, I can't see those domain local groups SIDs in PAC when decrypting TGT 
Just a general code cleanup. Better readability and fewer allocations. - Removed redundant usings and qualifiers - Use string interpolation instead of string.Format(). Better readability an reduces allocations as it...
Hi, First of all thanks for this amazing tool... there seems to be an issue with the argument resultlimit... I have tested it with kerberoast and asreproast. Thanks.
If there is a user account with its username in AD set as "test" (all lowercase) and you try to use brute with the username in capitals, it tells me...
When reading a PKCS12 certificate file (/certificate:C:\bla\bla), check if the content is base64 encoded. Super handy with all this hot AD CS relaying
While running brute force password against kerberos using a password against set list of users, in scenario where the password matches for a user, but is expired, the Rubeus abruptly...
