Implemented kerberoast results limit #121
Conversation
|
it looks like I trashed this when I added LDAPS support, to do this properly, |
|
Oh yeah I did look at doing it like that originally but then saw the LDAPS stuff that uses the lower level directoryservices protocols stuff and wasn't sure how to set the size limit on that. Also there's some kind of interaction between the SizeLimit and PageSize properties on the DirectorySearcher class and the internet can't seem to agree on how exactly that works. So yeah I figured I'd just do it the easy way with a manual counter which definitely won't mess anything up. If you want to close this PR and do it the other way instead, be my guest :) |
|
I'm fine either way @0xe7 , we can land this or you can do the other approach if wanted 👍 |
|
if you're fine with it this way then we can land it, sorry, I've been meaning to get around to doing this, just haven't yet... |
|
@VbScrub I know this is a bit old... but if I understand well... all kerberosting accounts/hashes are retrieved and then only x number is then displayed based on user input from argument /SizeLimit ? I think that a better approach due to opsec, would be if possible to limit the request due Sizelimit than to get all and display only x hashes ? what do you guys think ? maybe @0xe7 idea would allow this ? |
Fixes #120
Not really sure why this wasn't already implemented as there was an argument for it in the kerberoast function and its mentioned a few times in the documentation, so I assume it must have worked at some point...
The way I've implemented it, if the user also uses
/statsthen this won't affect that. Not sure if you guys will think that's a good thing or a bad thing. I feel like its ok as you wouldn't really want to use stats to see how many users are vulnerable but then limit the number as well.