Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jalvarezz13/krb5roastparser
KrbRoastParser is a tool for parsing Kerberos packets from pcap files to extract AS-REQ, AS-REP and TGS-REP hashes
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/jalvarezz13/krb5roastparser
- Owner: jalvarezz13
- License: mit
- Created: 2024-11-01T12:15:24.000Z (about 2 months ago)
- Default Branch: main
- Last Pushed: 2024-11-01T13:04:06.000Z (about 2 months ago)
- Last Synced: 2024-11-01T14:18:15.461Z (about 2 months ago)
- Language: Python
- Size: 5.86 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Krb5RoastParser
## 📑 Table of Contents
- [❓ What is Krb5RoastParser?](#-what-is-krb5roastparser)
- [⭐ Features](#-features)
- [⚙️ Installation](#%EF%B8%8F-installation)
- [▶️ Execution](#%EF%B8%8F-execution)
- [📈 Post Execution](#-post-execution)
- [📜 License](#-license)

## ❓ What is **Krb5RoastParser**?
**Krb5RoastParser** is a tool designed to parse Kerberos authentication packets (AS-REQ, AS-REP and TGS-REP) from `.pcap` files and generate password-cracking-compatible hashes for security testing. By leveraging `tshark`, Krb5RoastParser extracts necessary details from Kerberos packets, providing hash formats ready for tools like Hashcat.
## ⭐ Features
- Parse AS-REQ, AS-REP and TGS-REP packets from `.pcap` files.
- Generate hashes compatible with Hashcat for password-cracking.
- Easy to extend for future hash formats (e.g., `john`).

## ⚙️ Installation
### Prerequisites
Ensure you have:
- Python 3.7 or higher
- `tshark` installed and accessible in your PATH

To install `tshark` (if not already installed):
```bash
# On Debian/Ubuntu
sudo apt update
sudo apt install tshark -y

# On macOS (using Homebrew)
brew install wireshark

# On Windows, tshark is included in the Wireshark installation
```

### Clone the Repository
```bash
git clone https://github.com/jalvarezz13/Krb5RoastParser.git
cd Krb5RoastParser
```

## ▶️ Execution
To run Krb5RoastParser, use the following syntax:
```bash
python krb5_roast_parser.py
```

- ``: The path to the `.pcap` file containing Kerberos packets.
- ``: Specify the type of Kerberos packet to parse.
  - Use `as_req` for AS-REQ packets
  - Use `as_rep` for AS-REP packets
  - Use `tgs_rep` for TGS-REP packets

### Example Commands
Parse AS-REQ packets:
```bash
python krb5_roast_parser.py sample.pcap as_req
```

Parse AS-REP packets:
```bash
python krb5_roast_parser.py sample.pcap as_rep
```

Parse TGS-REP packets:
```bash
python krb5_roast_parser.py sample.pcap tgs_rep
```

### Output
- For `as_req`: The output will be in `$krb5pa$18$...` format.
- For `as_rep`: The output will be in `$krb5asrep$23$...` format.
- For `tgs_rep`: The output will be in `$krb5tgs$23$...` format.

These outputs are compatible with Hashcat hash modes.

> [!NOTE]
> At the moment, the tool only supports these hash formats. If you need support for other hash formats, feel free to open an issue or submit a pull request.

## 🔓 Post Execution
Once you have the generated hashes, you can use Hashcat to attempt to crack them.
### Cracking AS-REQ Hashes
For AS-REQ hashes, use Hashcat mode `19900`:
```bash
hashcat -m 19900
```

### Cracking AS-REP Hashes
For AS-REP hashes, use Hashcat mode `18200`:
```bash
hashcat -m 18200
```

### Cracking TGS-REP Hashes
For TGS-REP hashes, use Hashcat mode `13100`:
```bash
hashcat -m 13100
```

Replace `` with the file containing the extracted hashes and `` with your wordlist file.
## 📜 License
This project is licensed under the MIT License. See the `LICENSE` file for more information.