Implemented kerberoast results limit #121

Open: wants to merge 1 commit into master

Conversation

VbScrub (Contributor) commented Dec 2, 2021

Fixes #120

Not really sure why this wasn't already implemented, as there was an argument for it in the kerberoast function and it's mentioned a few times in the documentation, so I assume it must have worked at some point...

The way I've implemented it, if the user also uses /stats then this won't affect that. Not sure if you guys will think that's a good thing or a bad thing. I feel like it's ok, as you wouldn't really want to use stats to see how many users are vulnerable but then limit the number as well.

0xe7 (Contributor) commented Dec 2, 2021

It looks like I trashed this when I added LDAPS support. To do this properly, SizeLimit on the LDAP searcher should be set in Networking.GetLdapQuery. IDK if you want to do that or I can later.

VbScrub (Contributor, Author) commented Dec 2, 2021

Oh yeah, I did look at doing it like that originally, but then saw the LDAPS stuff that uses the lower-level DirectoryServices.Protocols stuff and wasn't sure how to set the size limit on that. Also there's some kind of interaction between the SizeLimit and PageSize properties on the DirectorySearcher class, and the internet can't seem to agree on how exactly that works. So yeah, I figured I'd just do it the easy way with a manual counter, which definitely won't mess anything up. If you want to close this PR and do it the other way instead, be my guest :)

HarmJ0y (Member) commented Dec 13, 2021

I'm fine either way @0xe7, we can land this or you can do the other approach if wanted 👍

0xe7 (Contributor) commented Dec 13, 2021

If you're fine with it this way then we can land it. Sorry, I've been meaning to get around to doing this, just haven't yet...

TH3xACE commented Jun 23, 2022

@VbScrub I know this is a bit old... but if I understand well, all kerberoasting accounts/hashes are retrieved and then only x number is displayed based on user input from the /SizeLimit argument? I think that a better approach, due to opsec, would be, if possible, to limit the request with SizeLimit rather than to get all and display only x hashes? What do you guys think? Maybe @0xe7's idea would allow this?

Successfully merging this pull request may close these issues.

resultlimit not working with kerberoast
4 participants