The hash command derives all four Kerberos key types from a plaintext password in a single operation. Supply /user and /domain to produce correct AES keys: the AES key derivation standard (RFC 3962) salts the PBKDF2 function with the string DOMAIN.COMusername, so omitting them yields unsalted AES keys that will not match what Active Directory stores.
Flags

/password
The plaintext password to hash. This is the only required flag.

/user
The account username. Combined with /domain to form the AES salt (username@DOMAIN.COM). You can also supply the value as DOMAIN\username to set both flags at once.

/domain
The DNS domain name (e.g. CORP.LOCAL). Used alongside /user to build the correct AES salt. Ignored when /user is not provided.

AES salts in Kerberos are case-sensitive. Always pass the domain in its canonical uppercase DNS form (e.g. CORP.LOCAL) and the username in the exact case stored in Active Directory to produce keys that match the KDC.

Examples
Hash a password without a salt
When no user or domain is supplied, Rubeus still computes all four key types. The AES keys will be unsalted and will not match what a domain controller stores for a real account, but the output is useful for standalone password testing.

Hash with user and domain for correct AES keys
Pass /user and /domain to compute AES keys that match the domain controller’s stored values. These are the keys to use with /aes128 or /aes256 in commands such as asktgt.
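
Added example (not part of the Rubeus documentation or code base): a Python illustration of the DOMAIN.COMusername salt and the PBKDF2-HMAC-SHA1 stage that RFC 3962 runs first, showing that a missing or wrong-case salt changes the result. The final Kerberos key additionally passes this output through the RFC 3962 AES-based derivation step, so the hex values here are intermediates and will not equal the keys Rubeus prints. The function names and the sample account are assumptions made for the example.

```python
import hashlib

# RFC 3962 default iteration count when no other value is negotiated.
RFC3962_DEFAULT_ITERATIONS = 4096


def aes_salt(domain: str, user: str) -> bytes:
    """Salt for a user principal as this page gives it: DOMAIN.COM + username.

    No case folding is applied, so the effect of wrong-case input stays visible.
    """
    return (domain + user).encode("utf-8")


def pbkdf2_stage(password: str, salt: bytes, key_len: int,
                 iterations: int = RFC3962_DEFAULT_ITERATIONS) -> bytes:
    """First stage of RFC 3962 string-to-key: PBKDF2-HMAC-SHA1(password, salt)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"),
                               salt, iterations, key_len)


def salt_variants(password: str, domain: str, user: str, key_len: int = 32) -> dict:
    """Intermediate key for the correct salt and for three common input mistakes."""
    salts = {
        "correct": aes_salt(domain, user),
        "no /user or /domain": b"",  # unsalted case described above
        "lowercase domain": aes_salt(domain.lower(), user),
        "wrong-case user": aes_salt(domain, user.swapcase()),
    }
    return {name: pbkdf2_stage(password, s, key_len).hex()
            for name, s in salts.items()}


if __name__ == "__main__":
    # Constructed sample values, not a real account.
    for name, value in salt_variants("Password123!", "CORP.LOCAL", "jsmith").items():
        print(f"{name:22} {value}")
```

Every row differs, which is why keys computed with the wrong salt are rejected by a KDC even when the password is correct.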