ID09 | ASREProast

Making a user vulnerable to ASREProasting by disabling Kerberos pre-authentication.

References:

• The Hacker Recipes (ASREProasting)

Table of availables actions, states, and targets

Vulnerability ID	Trigger available	Default state	Default target
09 | ASREProast	No	Absent	dc01 & jessie.pinkman

Launch

Enable

# Current directory: ansible
ansible-playbook -i inventory.yml playbooks/vulnerabilities/09.yml --extra-vars "action=enable"

Disable

# Current directory: ansible
ansible-playbook -i inventory.yml playbooks/vulnerabilities/09.yml --extra-vars "action=disable"

Implementation

Enable

Kerberos pre-authentication is disabled.

Reference:

• 09/enable/tasks/main.yml

Disable

Kerberos pre-authentication is enabled.

Reference:

• 09/disable/tasks/main.yml

Customization

You can choose another target than the default one.

user_name = any user
action = enable | disable

Example with the user walter.white:

# Current directory: ansible
ansible-playbook -i inventory.yml playbooks/vulnerabilities/09.yml --extra-vars "action=enable user_name=walter.white"