[changed]
-Merged @mark-s' PR that broke out Program.cs' commands into 'Command' classes for easier command addition.
-Commands that pass /dc:X are now passed through Networking.GetDCIP(), which resolves the DC name (if null) and returns the DC IP. Code refactored to use this centralized resolver.
-The /user:USER flag can now be /user:DOMAIN.COM\USER (auto-completes /domain:Y).
-The "harvest" command now returns the user ticket with the latest renew_till time on intial extraction.
[new] "asktgs" action
-takes /ptt:X, /dc:X, /ticket:X flags like asktgt
- /service:X takes one or more SPN specifications
[new] "tgtdeleg" action
-reimplements @gentilkiwi's Kekeo tgt::deleg action
-uses the GSS-API Kerberos specification (RFC 4121) to request a "fake" delegation context that stores a KRB-CRED in the Authenticator Checksum
-combined with extracting the service session key from the local cache, this allows us to recover usable TGTs for the current user without elevation
[added] "s4u" action
-Added option for multiple alternate snames (/altservice:X,Y,...)
-This executes the S4U2self/S4U2proxy process only once, and substitutes the multiple alternate service names
into the final resulting service ticket structure(s) for as many snames as specified
[fix] "dump" action
-Corrected extraction of complete ServiceName/TargetName strings
[fix] "asreproast" action
-fixed salt demarcation line for "asreproast" hashes
-added eventual hashcat output format, use "/format:<john/hashcat>", default of "john"
[fix] "kerberoast" action
-Added reference for @machsosec for the KerberosRequestorSecurityToken.GetRequest Kerberoasting Method()
-Corrected encType extraction for the hash output
--The executes the S4U2self/S4U2proxy process only once, and substitutes the multiple alternate
service names into the final resulting service ticket structure(s) for as many snames as specified
Lee Christensen
Steve Borosh
Will
Elad Shamir
HarmJ0y
Mark
a