setup /etc/hosts and kerberos

sudo nano /etc/hosts

# Host addresses
127.0.0.1  localhost
127.0.1.1  parrot
::1        localhost ip6-localhost ip6-loopback
ff02::1    ip6-allnodes
ff02::2    ip6-allrouters

192.168.56.10   newyork.local nyc.newyork.local nyc
192.168.56.11   bronx.north.newyork.local north.newyork.local bronx
192.168.56.12   maryland.local baltimore.maryland.local baltimore
192.168.56.22   yonkers.north.newyork.local yonkers
192.168.56.23   salisbury.maryland.local salisbury
192.168.56.24   wsus.newyork.local wsus

Setting up Kerberos

install the Linux kerberos client

sudo apt install krb5-user

realm

servers

Now, let's go ahead and edit /etc/krb5.conf

sudo nano /etc/krb5.conf

[libdefaults]
  default_realm = maryland.local
  kdc_timesync = 1
  ccache_type = 4
  forwardable = true
  proxiable = true
  fcc-mit-ticketflags = true
[realms]
  north.newyork.local = {
      kdc = bronx.north.newyork.local
      admin_server = bronx.north.newyork.local
  }
  newyork.local = {
      kdc = nyc.newyork.local
      admin_server = nyc.newyork.local
  }
  maryland.local = {
      kdc = baltimore.maryland.local
      admin_server = baltimore.maryland.local
  }

getTGT.py maryland.local/joaquin.Pereida:horse


Saving ticket in joaquin.Pereida.ccache
export KRB5CCNAME=/workspace/joaquin.Pereida.ccache


smbclient.py -k @baltimore.maryland.local

smbclient --use-krb5-ccache=joaquin.Pereida.ccache

PreviousUser Enumeration Exploit NextExploiting Username - ASREPRoast

Last updated 2 years ago