infosecn1nja
/
Rubeus
mirror of https://github.com/infosecn1nja/Rubeus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Rubeus/CHANGELOG.md

3.2 KiB
Raw Blame History

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.3.0] - 2019-02-05

Added

  • klist action
    • lists current user's (or if elevated, all users') ticket information

Changed

  • s4u landed @eladshamir's pull requests
    • RBCD support
    • support loading TGS from Kirbi to skip S4U2Self and perform S4U2Proxy only
    • perform S4U2Self only
    • print output for each stage
  • asreproast landed @rvrsh3ll's pull request
    • added hashcat output format
  • asktgt landed @qlemaire's pull request
    • now accepts a /password:X parameter
  • monitor and harvest landed @djhohnstein's pull request
    • ticket extraction can now be saved to the registry with the "/registry:X" flag

Fixed

  • dump display of service tickets with multiple slashes
  • response buffer size in lib/Networking.cs increased for large ticket responses
  • landed @BlueSkeye's fixes for PTT bug fix, TicketFlags display, and dead code removal in PA_DATA.Encode

[1.2.1] - 2018-10-09

Changed

  • Merged @mark-s' PR that broke out Program.cs' commands into 'Command' classes for easier command addition.
  • Commands that pass /dc:X are now passed through Networking.GetDCIP(), which resolves the DC name (if null) and returns the DC IP. Code refactored to use this centralized resolver.
  • The /user:USER flag can now be /user:DOMAIN.COM\USER (auto-completes /domain:Y).
  • The harvest command now returns the user ticket with the latest renew_till time on intial extraction.

[1.2.0] - 2018-10-03

Added

  • changepw action
    • implements the AoratoPw user password reset from a TGT .kirbi
    • equivalent to Kekeo's misc::changepw function

[1.1.0] - 2018-09-31

Added

  • asktgs action - takes /ptt:X, /dc:X, /ticket:X flags like asktgt, /service:X takes one or more SPN specifications
  • tgtdeleg action - reimplements @gentilkiwi's Kekeo tgt::deleg function
    • uses the GSS-API Kerberos specification (RFC 4121) to request a "fake" delegation context that stores a KRB-CRED in the Authenticator Checksum. Combined with extracting the service session key from the local cache, this allows us to recover usable TGTs for the current user without elevation.
  • Added CHANGELOG.md

Changed

  • s4u action now accepts multiple alternate snames (/altservice:X,Y,...)
    • This executes the S4U2self/S4U2proxy process only once, and substitutes the multiple alternate service names into the final resulting service ticket structure(s) for as many snames as specified
  • asreproast action
    • added eventual hashcat output format, use "/format:<john/hashcat>" (default of "john")

Fixed

  • dump action now correctly extracts ServiceName/TargetName strings
  • asreproast action - fixed salt demarcation line for "asreproast" hashes
  • kerberoast action
    • Added reference for @machsosec for the KerberosRequestorSecurityToken.GetRequest Kerberoasting Method()
    • Corrected encType extraction for the hash output

[1.0.0] - 2018-08-24

  • Initial release