-
Notifications
You must be signed in to change notification settings - Fork 56
pkg kerberos
Jacob Paullus edited this page Apr 17, 2026
·
1 revision
Full Kerberos 5 client supporting ccache, keytab, and password authentication. Includes ticket forging (golden/silver), AS-REP roasting, key list attacks, and PAC parsing.
func NewClientFromSession(creds *session.Credentials, target session.Target, dcIP string) (*Client, error)Credential resolution order:
-
KRB5CCNAMEenvironment variable -> ccache file -
<username>.ccachein current directory -
creds.Keytab-> keytab file -
creds.Password-> password-based AS-REQ
| Method | Signature | Description |
|---|---|---|
GenerateAPReq |
(spn string) ([]byte, []byte, error) |
AP-REQ for SMB auth |
GenerateAPReqFull |
(spn string) ([]byte, EncryptionKey, error) |
AP-REQ with full key |
GenerateAPReqWithBinding |
(spn string, channelBinding []byte) (...) |
AP-REQ with TLS channel binding |
GenerateDCERPCToken |
(spn string) ([]byte, EncryptionKey, error) |
AP-REQ wrapped in SPNEGO for DCE/RPC |
| File | Key Functions | Description |
|---|---|---|
gettgt.go |
GetTGT(req TGTRequest) (*TGTResult, error) |
Request a TGT via AS-REQ |
getst.go |
GetST(tgtRes *TGTResult, spn string) (...) |
Request service ticket via TGS-REQ |
ticketer.go |
ForgeTicket(...) |
Forge golden/silver tickets |
asrep.go |
ASREPRoast(...) |
AS-REP roasting (no pre-auth) |
keylist.go |
KeyListAttack(...) |
KERB-KEY-LIST-REQ (RODC attack) |
pac.go |
PAC parsing types and functions | Decode PAC from tickets |
keytab.go |
Keytab utilities | Load and manipulate keytab files |
func WrapInSPNEGO(krb5Token []byte) ([]byte, error)package main
import (
"fmt"
"gopacket/pkg/kerberos"
"gopacket/pkg/session"
)
func main() {
creds := &session.Credentials{
Domain: "CORP.LOCAL",
Username: "admin",
Password: "Password1",
}
target := session.Target{Host: "dc01.corp.local"}
krbClient, err := kerberos.NewClientFromSession(creds, target, "10.0.0.1")
if err != nil {
fmt.Printf("[-] %v\n", err)
return
}
apReq, sessionKey, err := krbClient.GenerateAPReq("cifs/dc01.corp.local")
if err != nil {
fmt.Printf("[-] %v\n", err)
return
}
fmt.Printf("[+] AP-REQ: %d bytes, session key: %d bytes\n", len(apReq), len(sessionKey))
}