Commit 389a1d7

Update usage documentation to include instructions for generating hosts and krb5.conf files
1 parent 51eab84 commit 389a1d7

1 file changed

+31
-1
lines changed

docs/usage.md

Lines changed: 31 additions & 1 deletion
@@ -12,6 +12,36 @@ evil-winrm-py -i <IP> -u <USERNAME> -p <PASSWORD>
1212

1313
Kerberos authentication supports both password-based and ticket-based authentication.
1414

15+
#### Generate hosts file entry
16+
17+
Use `netexec` to generate a hosts file entry for the target domain.
18+
19+
```bash
20+
netexec smb sevenkingdoms.local --generate-hosts-file hosts.txt
21+
```
22+
23+
Copy the content of `hosts.txt` to your `/etc/hosts` file.
24+
25+
> [!IMPORTANT]
26+
> If you are adding an entry manually, ensure you follow the correct format for subdomains and fully qualified domain names (FQDNs). Kerberos uses SPNEGO, which relies on a specific algorithm to resolve hostnames. For more details, see [SPNEGO algorithm to resolve host names](https://www.ibm.com/docs/en/samfm/8.0.1?topic=spnego-algorithm-resolve-host-names).
27+
>
28+
> The format is as follows:
29+
>
30+
> ```
31+
> <IP> fully_qualified_hostname short_name
32+
> <IP> kingslanding.sevenkingdoms.local sevenkingdoms.local kingslanding
33+
> ```
34+
35+
#### Generate krb5.conf file
36+
37+
Use `netexec` to generate a `krb5.conf` file for the target domain.
38+
39+
```bash
40+
netexec smb sevenkingdoms.local --generate-krb5-file krb5.conf
41+
```
42+
43+
Sample `krb5.conf` file can be found [here](https://github.com/adityatelange/evil-winrm-py/blob/main/docs/sample/krb5.conf).
44+
1545
#### Password-based Kerberos Authentication
1646

1747
This will request a Kerberos ticket and store it in memory for the session.
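Review bot: In the `[!IMPORTANT]` block the format template and its example disagree: `<IP> fully_qualified_hostname short_name` names two columns, but the example `<IP> kingslanding.sevenkingdoms.local sevenkingdoms.local kingslanding` has three, with the bare domain name in the middle. Extend the template to show the domain column (for instance `<IP> fully_qualified_hostname domain_name short_name`) and say when that column is needed, since a reader adding an entry by hand has nothing else to go on. Two smaller wording points in the same hunk: "Kerberos uses SPNEGO" reads backwards, because SPNEGO is the negotiation mechanism that selects Kerberos, and "Copy the content of `hosts.txt` to your `/etc/hosts` file" would be safer as "append", so nobody replaces the existing file.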
@@ -24,7 +54,7 @@ evil-winrm-py -i <IP> -u <USERNAME> -p <PASSWORD> --kerberos
2454

2555
If you already have a Kerberos ticket (e.g., from `kinit`), you can use it directly without providing a password.
2656

27-
Specify the `KRB5CCNAME` and `KRB5_CONFIG` environment variables to point to your Kerberos ticket cache and configuration file, respectively. Sample `krb5.conf` file can be found [here](https://github.com/adityatelange/evil-winrm-py/blob/main/docs/sample/krb5.conf).
57+
Specify the `KRB5CCNAME` and `KRB5_CONFIG` environment variables to point to your Kerberos ticket cache and configuration file, respectively.
2858

2959
```bash
3060
export KRB5CCNAME=/path/to/your/krb5cc_file
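Review bot: The `KRB5_CONFIG` sentence in the ticket-based section no longer tells the reader where to get a configuration file, because the sample `krb5.conf` link was dropped from it and now appears only in the earlier "Generate krb5.conf file" section. Add a short pointer back to that section here, so someone who jumps straight to ticket-based authentication still finds both the `netexec` command and the sample file.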
