Add ability to be prompted for password instead of passing it on the command line
Marshall-Hallenbeck opened this issue · 3 comments
It would be helpful if you could enter everything on the command line except the password, and instead be prompted for it when connecting to a DC, so the password doesn't show up in the user's history.
Hello. I have updated the code for the minikerberos library to support that.
Please use the `-prompt` extension when specifying the secret type in the URL.
Example: kerberos+password-prompt://TEST\victim@10.0.0.1
@skelsec sorry I should have specified, I'm using the LDAPS protocol, so something like:
kerberoast ldap full "ldaps://DOMAIN\\USER@10.0.0.1" -o ldapenum
Is it possible to add a password prompt for the LDAPS protocol as well?
For reference this is the error I get if I do `ldaps+password-prompt`:
```
During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/dist-packages/msldap-0.3.5-py3.7.egg/msldap/commons/url.py", line 207, in scheme_decoder
    x = PLAINTEXTSCHEME(schemes[1])
  File "/usr/lib/python3.7/enum.py", line 310, in __call__
    return cls.__new__(cls, value)
  File "/usr/lib/python3.7/enum.py", line 564, in __new__
    raise exc
  File "/usr/lib/python3.7/enum.py", line 548, in __new__
    result = cls._missing_(value)
  File "/usr/lib/python3.7/enum.py", line 577, in _missing_
    raise ValueError("%r is not a valid %s" % (value, cls.__name__))
ValueError: 'PASSWORD_PROMPT' is not a valid PLAINTEXTSCHEME

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/dist-packages/msldap-0.3.5-py3.7.egg/msldap/commons/url.py", line 257, in scheme_decoder
    self.auth_scheme = LDAPAuthProtocol(schemes[1])
  File "/usr/lib/python3.7/enum.py", line 310, in __call__
    return cls.__new__(cls, value)
  File "/usr/lib/python3.7/enum.py", line 564, in __new__
    raise exc
  File "/usr/lib/python3.7/enum.py", line 548, in __new__
    result = cls._missing_(value)
  File "/usr/lib/python3.7/enum.py", line 577, in _missing_
    raise ValueError("%r is not a valid %s" % (value, cls.__name__))
ValueError: 'PASSWORD_PROMPT' is not a valid LDAPAuthProtocol

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/kerberoast", line 11, in <module>
    load_entry_point('kerberoast==0.1.3', 'console_scripts', 'kerberoast')()
  File "/usr/local/lib/python3.7/dist-packages/kerberoast-0.1.3-py3.7.egg/kerberoast/kerberoast.py", line 643, in main
  File "/usr/lib/python3.7/asyncio/runners.py", line 43, in run
    return loop.run_until_complete(main)
  File "/usr/lib/python3.7/asyncio/base_events.py", line 584, in run_until_complete
    return future.result()
  File "/usr/local/lib/python3.7/dist-packages/kerberoast-0.1.3-py3.7.egg/kerberoast/kerberoast.py", line 443, in amain
  File "/usr/local/lib/python3.7/dist-packages/msldap-0.3.5-py3.7.egg/msldap/commons/url.py", line 116, in __init__
    self.parse()
  File "/usr/local/lib/python3.7/dist-packages/msldap-0.3.5-py3.7.egg/msldap/commons/url.py", line 265, in parse
    self.scheme_decoder(url_e.scheme)
  File "/usr/local/lib/python3.7/dist-packages/msldap-0.3.5-py3.7.egg/msldap/commons/url.py", line 259, in scheme_decoder
    raise Exception('Uknown scheme!')
Exception: Uknown scheme!
```
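
Added example, not part of the thread and not code from msldap, minikerberos or kerberoast: a sketch of a connection-URL parser that accepts a `-prompt` suffix on the secret type and reads the secret with `getpass`, so it never reaches argv or shell history. The URL grammar, `PROTOCOLS`, `SECRET_TYPES`, `Target` and `parse_target` are assumptions made for illustration.

```python
import getpass
from dataclasses import dataclass, field

# Assumed values for this sketch; not the real tables of any library.
PROTOCOLS = {"ldap", "ldaps", "kerberos"}
SECRET_TYPES = {"password", "nt", "aes"}

@dataclass
class Target:
    protocol: str
    secret_type: str
    domain: str
    username: str
    host: str
    secret: str = field(repr=False)  # keep the secret out of logs and tracebacks
    prompted: bool = False

def parse_target(url, prompt=getpass.getpass):
    """Parse proto+type[-prompt]://DOMAIN\\user[:secret]@host (hypothetical grammar)."""
    scheme, sep, rest = url.partition("://")
    if not sep:
        raise ValueError("missing '://' in connection URL")
    protocol, _, secret_type = scheme.lower().partition("+")
    want_prompt = secret_type.endswith("-prompt")
    if want_prompt:
        secret_type = secret_type[: -len("-prompt")]
    if protocol not in PROTOCOLS or secret_type not in SECRET_TYPES:
        raise ValueError(f"unknown scheme {scheme!r}")  # one clear error, no nested traces
    userinfo, at, host = rest.rpartition("@")
    host = host.partition("/")[0]  # drop any trailing path
    if not at or not host:
        raise ValueError("expected user@host after '://'")
    user, colon, secret = userinfo.partition(":")
    domain, bslash, username = user.partition("\\")
    if not bslash:  # no DOMAIN\ prefix given
        domain, username = "", user
    if want_prompt:
        if colon:
            raise ValueError("-prompt cannot be combined with an inline secret")
        # getpass reads from the terminal without echo, so the secret never
        # appears in argv, shell history or the process list.
        secret = prompt(f"{secret_type} for {user}@{host}: ")
    return Target(protocol, secret_type, domain, username, host, secret, want_prompt)

if __name__ == "__main__":
    print(parse_target("ldaps+password-prompt://TEST\\victim@10.0.0.1"))
```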