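#!/usr/bin/python
"""Convert-Invoke-Kerberoast

Converts the output from Invoke-Kerberoast.ps1 into a hashcat format.

When using Invoke-Kerberoast
(https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Kerberoast.ps1)
the hashes it outputs are not in the format hashcat expects, and fixing
several of them by hand is troublesome. This script writes them in the right
format to the console or to a file.

Example:
    python Convert-Invoke-Kerberoast.py -f tickets.txt -w hashes.txt

Hashcat:
    hashcat hashes.txt -m 13100 -a 3

Notes:
    Mode 13100 is Kerberos 5 TGS-REP etype 23 (RC4-HMAC). Both the input and
    the output hold offline-crackable service-account material, so the output
    file is created owner-only. RC4 (0x17) service-ticket requests are
    recorded as Windows Security event 4769; long random service-account
    passwords (or gMSAs) and AES-only encryption types are the usual
    mitigations.
"""

import argparse
import os
import io
import re

# Everything between the first and the last '*' of a hash is its label.
_LABEL_RE = re.compile(r'\*.*\*')


def _domain_from_dn(value):
    """Return ``a.b`` built from the last two comma-separated DN components.

    Only the last two components are used, so a domain with more than two
    labels is shortened to its last two.
    """
    parts = [part.strip().replace('DC=', '') for part in value.split(',')]
    return '.'.join(parts[-2:])


def _rewrite_label(sam_account_name, domain, hash_text):
    """Replace the ``*...*`` label of ``hash_text`` with ``*user$domain$spn*$``."""
    label = "*{0}${1}$spn*$".format(sam_account_name, domain)
    # A callable replacement keeps backslashes in the input from being read
    # as regex template escapes.
    return _LABEL_RE.sub(lambda _match: label, hash_text)


def format_Data(fHandle):
    """Parse a list-formatted Invoke-Kerberoast dump into hashcat lines.

    The file is read as blank-line-separated records of ``Name : value``
    fields. A line that starts with whitespace is treated as the wrapped
    continuation of the field above it.

    Args:
        fHandle: Path of the text file to read.

    Returns:
        A list with one converted hash string per record that has a Hash
        field, in file order.

    Raises:
        IOError/OSError: The file cannot be opened or read.
        UnicodeError: The file cannot be decoded with the default encoding.
    """
    hashes = []
    sam_account_name = ''
    domain = ''
    hash_text = ''
    field = None

    # ``with`` closes the handle even when reading fails.
    with io.open(fHandle, 'r') as fh:
        for line in fh:
            if not line.strip():
                # A blank line ends the record; records without a hash are
                # skipped so that no empty output lines are produced.
                if hash_text:
                    hashes.append(
                        _rewrite_label(sam_account_name, domain, hash_text))
                sam_account_name = ''
                domain = ''
                hash_text = ''
                field = None
                continue

            if line[0].isspace():
                # NOTE(review): the listing shows the continuation test as
                # `" " in line`, which also matches every field line;
                # leading indentation is used instead - confirm against
                # real output.
                if field == 'Hash':
                    hash_text += line.strip()
                continue

            key, separator, value = line.partition(':')
            if not separator:
                field = None
                continue

            # Exact field names, so a value that merely contains "Hash" or
            # "SamAccountName" is not mistaken for that field.
            field = key.strip()
            value = value.strip()
            if field == 'SamAccountName':
                sam_account_name = value
            elif field == 'DistinguishedName':
                domain = _domain_from_dn(value)
            elif field == 'Hash':
                hash_text += value

    # The last record is kept even when the file has no trailing blank line.
    if hash_text:
        hashes.append(_rewrite_label(sam_account_name, domain, hash_text))
    return hashes


def main():
    """Command-line entry point: convert ``-f`` and print or write to ``-w``."""
    parser = argparse.ArgumentParser(description='Parser of Kerberoast output from Invoke-Kerberoast')

    parser.add_argument('-f', action="store", dest="inputHandle", required=True)
    parser.add_argument('-w', action="store", dest="outputHandle")

    parsed = parser.parse_args()

    if not os.path.isfile(parsed.inputHandle):
        # .format() belongs on the string; on print()'s return value it
        # raises AttributeError under Python 3.
        print("Error opening file: {0}".format(parsed.inputHandle))
        raise SystemExit(1)

    print("Opening file: {0}".format(parsed.inputHandle))
    try:
        output = format_Data(parsed.inputHandle)
    except (IOError, OSError, UnicodeError) as err:
        # Report read/decode failures instead of silently printing nothing.
        print("Error opening file: {0}".format(parsed.inputHandle))
        print(err)
        raise SystemExit(1)

    if parsed.outputHandle:
        # Owner-only permissions on creation: the file holds crackable
        # credential material. An existing file keeps its current mode.
        descriptor = os.open(
            parsed.outputHandle,
            os.O_WRONLY | os.O_CREAT | os.O_TRUNC,
            0o600,
        )
        with os.fdopen(descriptor, 'w') as fOutput:
            for element in output:
                fOutput.write(element)
                fOutput.write('\n')
        print("Hashes written to: {0}".format(parsed.outputHandle))
    else:
        for element in output:
            print(element)
        print('\n')


if __name__ == "__main__":
    main()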