metasploit-framework
metasploit-framework copied to clipboard
Published
20 hours ago •
rapid7
rapid7
Add Kerberos keytab module
Add initial kutil support for listing and adding entries to keytab file:
msf6 auxiliary(admin/kerberos/ktutil) > rerun keytab_file=/tmp/example.keytab
[*] Reloading module...
Keytab entries
==============
vno type principal hash date
--- ---- --------- ---- ----
1 18 (AES256) [email protected] 54d8d7c76dd916efe1cd34e5acb6daf052078242c573aa968448a74ebe1776a5 2022-09-30 13:56:27 +0100
1 17 (AES128) [email protected] ec12451627c361a529e12b0c29a7ffe0 2022-09-30 13:56:30 +0100
1 23 (RC4_HMAC) [email protected] 8846f7eaee8fb117ad06bdd830b7586c 2022-09-30 13:56:33 +0100
[*] Auxiliary module execution completed
msf6 auxiliary(admin/kerberos/ktutil) >
I've verified this with the output of ktutil on Mac:
rm example.keytab
ktutil --keytab=./example.keytab --verbose add --password=password [email protected] --enctype=aes256-cts-hmac-sha1-96 --kvno=1
ktutil --keytab=./example.keytab --verbose add --password=password [email protected] --enctype=aes128-cts-hmac-sha1-96 --kvno=1
ktutil --keytab=./example.keytab --verbose add --password=password [email protected] --enctype=arcfour-hmac-md5 --kvno=1
ktutil --keytab=./example.keytab --verbose list
As well as ktpass from window's cmt prompt:
ktpass /crypto All /princ [email protected] /pass p4$$w0rd /out demo.keytab /ptype KRB5_NT_PRINCIPAL
Verification
List the steps needed to make sure this thing works
- [ ] Verify keytab files can be parsed using the Metasploit module
- [ ] Verify keytab files can have entries added
