Allow roasting computer accounts as well if specified

NeffIsBack · NeffIsBack · commit e80654f980b8 · 2025-09-10T12:49:17.000-04:00
diff --git a/nxc/protocols/ldap.py b/nxc/protocols/ldap.py
@@ -1039,23 +1039,23 @@ def kerberoasting(self):
                         f.write(line + "\n")
             return
 
-        if self.args.kerberoast_users:
-            target_usernames = []
-            for item in self.args.kerberoast_users:
+        if self.args.kerberoast_account:
+            target_accounts = []
+            for item in self.args.kerberoast_account:
                 if os.path.isfile(item):
                     try:
                         with open(item, encoding="utf-8") as f:
-                            target_usernames.extend(line.strip() for line in f if line.strip())
+                            target_accounts.extend(line.strip() for line in f if line.strip())
                     except Exception as e:
                         self.logger.fail(f"Failed to read file '{item}': {e}")
                 else:
-                    target_usernames.append(item.strip())
+                    target_accounts.append(item.strip())
 
-            self.logger.info(f"Targeting specific users for kerberoasting: {', '.join(target_usernames)}")
+            self.logger.info(f"Targeting specific accounts for kerberoasting: {', '.join(target_accounts)}")
 
             # build search filter for specific users
-            user_filter = "".join([f"(sAMAccountName={username})" for username in target_usernames])
-            searchFilter = f"(&(servicePrincipalName=*)(!(objectCategory=computer))(|{user_filter}))"
+            user_filter = "".join([f"(sAMAccountName={username})" for username in target_accounts])
+            searchFilter = f"(&(servicePrincipalName=*)(|{user_filter}))"
         else:
             # default to all
             searchFilter = "(&(servicePrincipalName=*)(!(objectCategory=computer)))"
diff --git a/nxc/protocols/ldap/proto_args.py b/nxc/protocols/ldap/proto_args.py
@@ -14,7 +14,7 @@ def proto_args(parser, parents):
     egroup = ldap_parser.add_argument_group("Retrieve hash on the remote DC", "Options to get hashes from Kerberos")
     egroup.add_argument("--asreproast", help="Output AS_REP response to crack with hashcat to file")
     kerberoasting_arg = egroup.add_argument("--kerberoasting", "--kerberoast", help="Output TGS ticket to crack with hashcat to file")
-    kerberoast_users_arg = egroup.add_argument("--kerberoast-users", nargs="+", dest="kerberoast_users", action=get_conditional_action(_StoreAction), make_required=[], help="Target specific users for kerberoasting (usernames or file containing usernames)")
+    kerberoast_users_arg = egroup.add_argument("--kerberoast-account", nargs="+", dest="kerberoast_account", action=get_conditional_action(_StoreAction), make_required=[], help="Target specific accounts for kerberoasting (sAMAccountNames or file containing sAMAccountNames)")
     egroup.add_argument("--no-preauth-targets", nargs=1, dest="no_preauth_targets", help="Targeted kerberoastable users")
 
     # Make kerberoast-users require kerberoasting
