Added support for AS-REP Roasting with AES encryption types #156
+115
−17
I noticed that the AS-REP Roasting functionality only supported RC4, so I added support for AES encryption types as well (etype 17 and 18) through the `/aes` flag, after encountering an environment where RC4 was apparently disabled completely. For example, I would get the following error message when attempting AS-REP Roasting against accounts in this environment:

To replicate this, I configured the following Group Policy setting on my test Server 2019 domain controller to only support `AES128_HMAC_SHA1` and `AES256_HMAC_SHA1`:

Once this configuration is applied (on my Server 2019 setup at least), only the AES encryption types would work in Kerberoasting and AS-REP Roasting attacks, even if the "This account supports Kerberos AES 128/256 bit encryption" account settings aren't enabled on the target accounts. For this reason I followed a slightly different approach to how the Kerberoasting module handles AES. When the `/aes` flag is specified with `asreproast`, instead of searching for the UAC flags indicating whether an account supports AES, it will simply request etype 17 directly. If a `KDC_ERR_ETYPE_NOTSUPP` error is encountered it will try again with etype 18.

Hashcat and John output is supported. John output for etype 18 is in the format `$krb5asrep$18$salt$edata2$checksum`, as per the comments and test hashes in the source code for John's AS-REP Roasting module. Etype 17 is basically the same.

Hashcat output for etype 18 is in the format `$krb5asrep$18$user$realm$checksum$edata2`. Hashcat doesn't currently support AES AS-REPs yet, but I've submitted a pull request (hashcat/hashcat#3729) for it that'll use this hash format, which is intended to be similar to Hashcat's format for AES TGS-REPs.
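For defenders, an added example (not part of this pull request or of Rubeus): a detection over Security event 4768 that keys on the missing pre-authentication rather than on the RC4 ticket etype, so requests made with etype 17 or 18 as described above are still caught. It assumes events were exported to dicts using the 4768 EventData field names; the sample records, accounts and addresses are constructed.

```python
# Added example: flag 4768 events where a TGT was issued without Kerberos
# pre-authentication, whatever the ticket encryption type.
# Assumption: events are dicts keyed by the 4768 EventData field names.

ETYPES = {0x11: "AES128-CTS-HMAC-SHA1-96",   # etype 17
          0x12: "AES256-CTS-HMAC-SHA1-96",   # etype 18
          0x17: "RC4-HMAC"}                  # etype 23

# Constructed sample records (not taken from the page or a real environment).
SAMPLE_EVENTS = [
    {"TargetUserName": "alice", "Status": "0x0", "PreAuthType": "2",
     "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.0.21"},
    {"TargetUserName": "svc_legacy", "Status": "0x0", "PreAuthType": "0",
     "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.99"},
    {"TargetUserName": "svc_backup", "Status": "0x0", "PreAuthType": "0",
     "TicketEncryptionType": "0x11", "IpAddress": "::ffff:10.0.0.99"},
    {"TargetUserName": "svc_report", "Status": "0x0", "PreAuthType": "0",
     "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.0.99"},
    # Failed request: 0xe is KDC_ERR_ETYPE_NOTSUPP, so no AS-REP was returned.
    {"TargetUserName": "svc_old", "Status": "0xe", "PreAuthType": "0",
     "TicketEncryptionType": "0xffffffff", "IpAddress": "::ffff:10.0.0.99"},
]

def no_preauth_tgts(events):
    """Return successful 4768 events that were issued with PreAuthType 0."""
    hits = []
    for ev in events:
        if int(ev["Status"], 16) != 0:       # failed request, nothing issued
            continue
        if int(ev["PreAuthType"]) != 0:      # pre-authentication was used
            continue
        etype = int(ev["TicketEncryptionType"], 16)
        hits.append({"user": ev["TargetUserName"], "source": ev["IpAddress"],
                     "etype": ETYPES.get(etype, hex(etype))})
    return hits

def by_source(hits):
    """Group flagged accounts per source; many accounts from one host stand out."""
    grouped = {}
    for h in hits:
        grouped.setdefault(h["source"], []).append(h["user"])
    return grouped

if __name__ == "__main__":
    found = no_preauth_tgts(SAMPLE_EVENTS)
    for h in found:
        print(h)
    print(by_source(found))
```

On the sample data, a rule that matches only ticket etype 0x17 would report one of the three flagged accounts.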