ID08 | Kerberoasting

Making a user vulnerable to Kerberoasting by giving him an SPN.

References:

• The Hacker Recipes (Kerberoasting)

Table of availables actions, states, and targets

Vulnerability ID	Trigger available	Default state	Default target
08 | Kerberoasting	No	Absent	dc01 & saul.goodman

Launch

Enable

# Current directory: ansible
ansible-playbook -i inventory.yml playbooks/vulnerabilities/08.yml --extra-vars "action=enable"

Disable

# Current directory: ansible
ansible-playbook -i inventory.yml playbooks/vulnerabilities/08.yml --extra-vars "action=disable"

Implementation

Enable

A SPN is added for a user.

Reference:

• 08/enable/tasks/main.yml

Disable

The SPN is deleted from the user.

Reference:

• 08/disable/tasks/main.yml

Customization

You can choose another target than the default one.

user_name = any user
action = enable | disable

Example with the user walter.white:

# Current directory: ansible
ansible-playbook -i inventory.yml playbooks/vulnerabilities/08.yml --extra-vars "action=enable user_name=walter.white"