
Rubeus

Rubeus is a C# toolset for raw Kerberos interaction and abuses. It enables attacking Active Directory authentication mechanisms.

Description

Rubeus provides capabilities for raw Kerberos interaction and common abuses within Active Directory environments. It is heavily adapted from Benjamin Delpy’s Kekeo project and Vincent LE TOUX’s MakeMeEnterpriseAdmin project, offering a robust set of features for security testing.

The tool supports various Active Directory authentication attacks, including AS-REP Roasting and Kerberoasting, as highlighted in OffSec training courses like PEN-200. These techniques target weaknesses in Kerberos ticket handling and service account permissions.

Use cases include penetration testing scenarios where testers need to exploit Kerberos protocols for privilege escalation or credential access in Windows domains. The binary is located at /usr/share/windows-resources/rubeus/Rubeus.exe.

How It Works

Rubeus operates by directly interacting with Kerberos protocols in Active Directory environments, enabling raw manipulation of authentication tickets and requests. It leverages techniques such as AS-REP Roasting (targeting users without pre-authentication) and Kerberoasting (requesting and cracking service tickets), adapted from established projects like Kekeo and MakeMeEnterpriseAdmin. The tool executes as a C# binary, facilitating low-level protocol abuses.
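Both techniques leave traces in domain controller Security logs. The Python below is an added example, not part of Rubeus or the original page. It flags event 4768 records issued without pre-authentication and bursts of RC4 (0x17) service tickets in event 4769. The sample events, account names, addresses and the threshold of 3 are constructed assumptions.

```python
from collections import defaultdict

RC4_HMAC = 0x17      # etype 23, the cipher roasting requests typically ask for
SPN_THRESHOLD = 3    # assumed tuning value: distinct RC4 services per requester

# Constructed sample records (not real logs); field names follow Windows
# Security events 4768 (TGT request) and 4769 (service ticket request).
EVENTS = [
    {"EventID": 4768, "TargetUserName": "alice", "PreAuthType": "2",
     "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.5"},
    {"EventID": 4768, "TargetUserName": "svc_legacy", "PreAuthType": "0",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.66"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "FILESRV01$",
     "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.7"},
    {"EventID": 4769, "TargetUserName": "carol@CORP.EXAMPLE", "ServiceName": "svc_print",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.8"},
] + [
    {"EventID": 4769, "TargetUserName": "dave@CORP.EXAMPLE", "ServiceName": svc,
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.66"}
    for svc in ("svc_sql", "svc_web", "svc_backup", "WKSTN12$")
]

def detect_roasting(events, spn_threshold=SPN_THRESHOLD):
    """Return (kind, account, source_ip, detail) tuples for suspicious requests."""
    findings = []
    rc4_services = defaultdict(set)   # (requester, ip) -> services requested with RC4
    for ev in events:
        etype = int(ev.get("TicketEncryptionType", "0x0"), 16)
        if ev["EventID"] == 4768 and ev.get("PreAuthType") == "0":
            # TGT issued without pre-authentication: the AS-REP is crackable offline.
            findings.append(("asrep-no-preauth", ev["TargetUserName"],
                             ev["IpAddress"], hex(etype)))
        elif ev["EventID"] == 4769 and etype == RC4_HMAC:
            svc = ev["ServiceName"]
            if svc.endswith("$") or svc.lower() == "krbtgt":
                continue              # machine accounts and krbtgt use random keys
            rc4_services[(ev["TargetUserName"], ev["IpAddress"])].add(svc)
    for (user, ip), svcs in sorted(rc4_services.items()):
        if len(svcs) >= spn_threshold:
            findings.append(("kerberoast-rc4-burst", user, ip, sorted(svcs)))
    return findings

if __name__ == "__main__":
    for finding in detect_roasting(EVENTS):
        print(finding)
```

A single RC4 service ticket (carol in the sample) stays below the threshold; tune the value against the amount of legacy RC4 traffic in the environment.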

Installation

sudo apt install rubeus

Flags

-h    Displays help information for Rubeus commands

Examples

Shows the help menu for Rubeus, displaying available commands and options:
rubeus -h

Runs Rubeus without arguments, likely showing basic usage information:
rubeus

Performs AS-REP Roasting to target users without pre-authentication (inferred from training context):
rubeus asreproast

Performs Kerberoasting: requests service account tickets and outputs their hashes for offline cracking (inferred from training context):
rubeus kerberoast

Analyzes Kerberos tickets for potential abuse opportunities (common Rubeus usage pattern):
rubeus triage

Harvests Kerberos tickets from memory (common Rubeus usage pattern):
rubeus harvest

Runs the Windows binary version of Rubeus with the help flag:
/usr/share/windows-resources/rubeus/Rubeus.exe -h
Updated 2026-04-16 | kali.org