From a2c8231dcf0cc44730fb7edfdd5560bae3d0a95f Mon Sep 17 00:00:00 2001
From: Magnus Stubman
Date: Wed, 6 Apr 2022 09:18:55 +0200
Subject: [PATCH] add usernameaspassword option
---
 kerbrute/main.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/kerbrute/main.py b/kerbrute/main.py
index 021ace4..172d902 100644
--- a/kerbrute/main.py
+++ b/kerbrute/main.py
@@ -48,6 +48,7 @@ def _define_args(self):
 password_group = self._parser.add_mutually_exclusive_group()
 password_group.add_argument('-password', help='Password to perform bruteforcing')
 password_group.add_argument('-passwords', help='File with password per line')
+ password_group.add_argument('-usernameaspassword', action='store_true', help='use username as password', default=False)
 self._parser.add_argument('-domain', required=True, help='Domain to perform bruteforcing')
@@ -108,7 +109,7 @@ def main():
 out_users_file = open(args.outputusers, "w") if args.outputusers else None
 kerberos_bruter = KerberosBruter(args.domain, args.dc_ip, args.save_ticket, out_creds_file, out_users_file)
- kerberos_bruter.attack(args.users, args.passwords, args.threads)
+ kerberos_bruter.attack(args.users, args.passwords, args.threads, usernameaspassword=args.usernameaspassword)
 if out_creds_file: out_creds_file.close()
@@ -142,12 +143,14 @@ def __init__(self, domain, kdc_host, save_ticket=True, out_creds_file=None, out_
 self.out_creds_file = out_creds_file
 self.out_users_file = out_users_file
- def attack(self, users, passwords, threads=1):
+ def attack(self, users, passwords, threads=1, usernameaspassword=False):
 pool = ThreadPoolExecutor(threads)
 threads = []
 for password in passwords:
 for user in users:
+ if usernameaspassword:
+ password = user
 t = pool.submit(self._handle_user_password, user, password)
 threads.append(t)
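Review bot: `default=False` on the added `-usernameaspassword` argument is redundant with `action='store_true'`, and its help text is lower-case and terse where the neighbouring options use sentence case. I would write `password_group.add_argument('-usernameaspassword', action='store_true', help='Use each username as its own password')`. Since the option is added to the mutually exclusive group, the help could also say it cannot be combined with `-password` or `-passwords`. `_define_args` continues outside the hunk.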
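Review bot: The changed `kerberos_bruter.attack(...)` call still passes `args.passwords`, although the first hunk makes the new flag mutually exclusive with `-password` and `-passwords`, and `attack()` in the third hunk only reaches `password = user` inside `for password in passwords:`. If `args.passwords` is empty or `None` when the flag is set, the loop body never runs or the iteration fails, so the option would do nothing; the code that fills `args.passwords` is outside the hunk, so this needs checking there. Removing the dependency in `attack()` would be safer, for example `if usernameaspassword: passwords = [None]` before the loops. `main()` starts and ends outside the hunk.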
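Review bot: Rebinding the outer loop variable `password` inside the inner `for user in users:` loop is easy to misread; a separate local is clearer, e.g. `candidate = user if usernameaspassword else password`, passed to `pool.submit` in place of `password`. If `attack()` is called directly with the flag set and more than one entry in `passwords`, every user/username pair is submitted once per entry, repeating identical authentication attempts and raising the account-lockout risk for no benefit. The method also has no docstring covering the new parameter; one line saying that `passwords` is ignored as a value source when `usernameaspassword` is true would do. The body of `attack()` continues outside the hunk.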