Merge pull request #7 from p0dalirius/Fix-kerberos-authentication-using-IP-instead-of-FQDN

[bugfix] Fixed kerberos authentication, fixes #6

Author: p0dalirius

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "sharehound"
-version = "1.0.1"
+version = "1.0.2"
 description = "A Python script to generate a bloodhound opengraph of the rights of shares on a remote Windows machine."
 readme = "README.md"
 requires-python = ">=3.11"

setup.py

@@ -14,7 +14,7 @@
 
 setuptools.setup(
     name="sharehound",
-    version="1.0.1" ,
+    version="1.0.2" ,
     description="A Python script to generate a bloodhound opengraph of the rights of shares on a remote Windows machine.",
     url="https://github.com/p0dalirius/ShareHound",
     author="Podalirius",

sharehound/__main__.py

@@ -252,6 +252,27 @@ def parseArgs():
         type=str,
         help="LM:NT hashes to pass the hash for this user.",
     )
+    group_targets_source.add_argument(
+        "-ak",
+        "--auth-key",
+        default=None,
+        type=str,
+        help="Kerberos key to use for authentication.",
+    )
+    group_targets_source.add_argument(
+        "-k",
+        "--use-kerberos",
+        default=False,
+        action="store_true",
+        help="Use Kerberos for authentication (default: False)",
+    )
+    group_targets_source.add_argument(
+        "-kh",
+        "--kdc-host",
+        default=None,
+        type=str,
+        help="KDC host to use for Kerberos authentication (default: None)",
+    )
     group_targets_source.add_argument(
         "--ldaps", default=False, action="store_true", help="Use LDAPS (default: False)"
     )
@@ -289,7 +310,7 @@ def parseArgs():
     ):
         parser.print_help()
         print(
-            "\n[!] Option --auth-dc-ip is required when using --auth-user, --auth-password, --auth-hashes, --auth-domain"
+            "\n[!] Option --auth-dc-ip is required when using --auth-domain/--auth-user/--auth-password/--auth-hashes/--auth-key/--use-kerberos/"
         )
         sys.exit(0)
 

sharehound/__version__.py

@@ -4,4 +4,4 @@
 # Author             : Remi Gascou (@podalirius_)
 # Date created       : 12 Aug 2025
 
-__version__ = "1.0.1"
+__version__ = "1.0.2"

sharehound/core/SMBSession.py

@@ -73,6 +73,7 @@ class SMBSession(object):
     config: Config
     logger: Logger
     host: str
+    remote_name: str
     port: int
     timeout: int
     advertisedName: Optional[str]
@@ -97,6 +98,7 @@ def __init__(
         port,
         timeout,
         credentials,
+        remote_name=None,
         advertisedName=None,
         config=None,
         logger=None,
@@ -108,6 +110,7 @@ def __init__(
 
         # Target server
         self.host = host
+        self.remote_name = remote_name or host
         # Target port (by default on 445)
         self.port = port
         # Timeout (default 3 seconds)
@@ -165,7 +168,7 @@ def init_smb_session(self) -> bool:
             result, error = is_port_open(self.host, self.port, self.timeout)
             if result:
                 self.smbClient = SMBConnection(
-                    remoteName=self.host,
+                    remoteName=self.remote_name,
                     remoteHost=self.host,
                     myName=self.advertisedName,
                     sess_port=int(self.port),

sharehound/worker.py

@@ -43,7 +43,12 @@ def __init__(self, max_connections_per_host: int = 8):
         self._lock = Lock()
 
     def get_connection(
-        self, host: str, options: argparse.Namespace, config: Config, logger: Logger
+        self,
+        host: str,
+        remote_name: str,
+        options: argparse.Namespace,
+        config: Config,
+        logger: Logger,
     ) -> Optional[SMBSession]:
         """Get an available connection for the host, creating one if needed."""
         with self._lock:
@@ -58,23 +63,23 @@ def get_connection(
                         connection.close_smb_session()
                     except Exception:
                         pass
-
             # Create new connection
             credentials = Credentials(
                 domain=options.auth_domain,
                 username=options.auth_user,
                 password=options.auth_password,
                 hashes=options.auth_hashes,
-                use_kerberos=False,
-                aesKey=None,
-                kdcHost=None,
+                use_kerberos=options.use_kerberos,
+                aesKey=options.auth_key,
+                kdcHost=options.kdc_host,
             )
 
             smb_session = SMBSession(
                 host=host,
                 port=445,
                 timeout=10,
                 credentials=credentials,
+                remote_name=remote_name,
                 advertisedName=options.advertised_name,
                 config=config,
                 logger=logger,
@@ -137,6 +142,7 @@ def process_share_task(
     share_name: str,
     share_data: dict,
     host: str,
+    remote_name: str,
     options: argparse.Namespace,
     config: Config,
     graph: OpenGraph,
@@ -157,12 +163,14 @@ def process_share_task(
     """
 
     # Create a task-specific logger for this share
-    task_logger = TaskLogger(base_logger=logger, task_id=f"{host}:{share_name}")
+    task_logger = TaskLogger(base_logger=logger, task_id=f"{remote_name}:{share_name}")
 
     def _process_share():
         with host_semaphore:  # Limit concurrency per host
             # Get connection from pool
-            smb_session = connection_pool.get_connection(host, options, config, logger)
+            smb_session = connection_pool.get_connection(
+                host, remote_name, options, config, logger
+            )
             if not smb_session:
                 task_logger.debug(f"Failed to get connection for host {host}")
                 return (0, 1, 0, 0, 0, 0, 0, 0)
@@ -310,7 +318,9 @@ def multithreaded_share_worker(
 
     try:
         target_type = target[0]
-        target_ip = target[1]
+        target_value = target[1]
+        remote_name = target_value
+        target_ip = target_value
 
         logger = Logger(config=config, logfile=options.logfile)
 
@@ -351,7 +361,7 @@ def multithreaded_share_worker(
 
         # Get initial connection to discover shares
         initial_connection = connection_pool.get_connection(
-            target_ip, options, config, logger
+            target_ip, remote_name, options, config, logger
         )
         if not initial_connection:
             logger.debug("Failed to initialize SMB session")
@@ -390,6 +400,7 @@ def multithreaded_share_worker(
                     share_name,
                     share_data,
                     target_ip,
+                    remote_name,
                     options,
                     config,
                     graph,