A BOF port of the Mimikatz/Rubeus hash command to hash passwords to kerberos keys (rc4_hmac, aes128_cts_hmac_sha1, aes256_cts_hmac_sha1, and des_cbc_md5).
- Make sure that Mingw-w64 (including mingw-w64-binutils) has been installed.
- Enter the SOURCE folder within the tool folder.
- Type "make" to compile the object files.
- Use Cobal Strike script manager to import the
KerbHash.cnascript.
Running the tool is straightforward. Once you imported the CNA script using Cobalt Strike's Script Manager, they are available as Cobalt Strike commands that can be executed within a beacon. This tools supports the following commands:
- KerbHash [password] [username] [domain.fqdn]
- Hash useraccount password:
KerbHash Welcome123 adminuser domain.local - Hash computeraccount password:
KerbHash Welcome123 SERVER$ domain.local
This BOF tool has been successfully compiled on Mac OSX systems and used on Windows 8.1+ (x64) systems. Compiling the BOF code should also work on other systems (Linux, Windows) that have the Mingw-w64 compiler installed.
This code is inspired by @gentilkiwi's https://github.com/gentilkiwi/mimikatz and GhostPack/Rubeus: https://github.com/GhostPack/Rubeus