Using Kerberos

Using Kerberos authentication with crackmapexec

Using Kerberos

CME does support Kerberos authentication, use KRB5CCNAME env name to specify the ticket.

when using the option --kerberos, you need to specify the same hostname (FQDN) as the one from the kerberos ticket

$ export KRB5CCNAME=/home/bonclay/impacket/administrator.ccache
$ cme smb zoro.gold.local --kerberos
SMB zoro.gold.local 445 ZORO [*] Windows 10.0 Build 14393 (name:ZORO) (domain:gold.local) (signing:False) (SMBv1:False)
SMB zoro.gold.local 445 ZORO [+] gold.local\administrator (Pwn3d!)
$ sudo cme smb zoro.gold.local --kerberos -x whoami
SMB zoro.gold.local 445 ZORO [*] Windows 10.0 Build 14393 (name:ZORO) (domain:gold.local) (signing:False) (SMBv1:False)
SMB zoro.gold.local 445 ZORO [+] gold.local\administrator (Pwn3d!)
SMB zoro.gold.local 445 ZORO [+] Executed command
SMB zoro.gold.local 445 ZORO gold\administrator
$ export KRB5CCNAME=/home/bonclay/impacket/bonclay.ccache
$ sudo cme smb zoro.gold.local --kerberos -x whoami
SMB zoro.gold.local 445 ZORO [*] Windows 10.0 Build 14393 (name:ZORO) (domain:gold.local) (signing:False) (SMBv1:False)
SMB zoro.gold.local 445 ZORO [+] gold.local\bonclay
kerberos-cme